Common Criteria

Certify your product to meet Government (NIAP & EAL) and Regulated Industry requirements for information assurance

CC White 406x406

Common Criteria

Certify your product  to meet Regulated Industry and Government requirements for information assurance

What Is Common Criteria?

Common Criteria is an internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products against functional and assurance requirements.
Once completed, it provides assurance to buyers that the process of specification, implementation and evaluation for any certified computer security solution was conducted in a thorough and standard manner.

The Standard: Common Criteria

blank The National Information Assurance Acquisition Policy, NSTISSP No. 11, requires government agencies to purchase only those commercial security products that have met specified third-party assurance requirements and have been tested by an accredited national laboratory.
blank Completing your Common Criteria evaluation allows you to sell your solutions to the U.S. Federal Government, International Governments, and other highly regulated industries around the globe.

The Paths: Security Requirements

Thirty one countries, including the United States and Canada, have signed the Common Criteria Recognition Arrangement (CCRA), making it an unparalleled measure of security for the international commerce of IT products.
There are two available paths to completing Common Criteria certification. The requirements and features of your solution will dictate which path is more suitable for your company.
Common Criteria - Protection ProfilePROTECTION PROFILE
A Protection Profile (PP) is a product specific set of security criteria, each “product profile” contains varying requirements that must be addressed to pass CC certification
  • All CC evaluations completed in the U.S. must adhere to a NIAP approved Protection Profile
  • Your product must conform to ALL requirements specified within the PP
  • PPs are accepted internationally
  • There are currently 37 approved Protection Profiles and even more in development
Common Criteria - EALEVALUATION ASSURANCE LEVEL
Common Criteria evaluations can be performed against a set of predetermined Evaluation Assurance Levels (EAL). The EAL is a grade given in relation to how the product addresses the functional and assurance requirements
  • There are 7 Assurance Levels
  • Each Level is more stringent then the previous one
  • The CCRA established that evaluations up to an EAL 2 be recognized by all participating countries, regardless of where the evaluation was completed
Protection Profile
A Protection Profile (PP) is a product specific set of security criteria, each “product profile” contains varying requirements that must be addressed to pass CC certification
All CC evaluations completed in the U.S. must adhere to a NIAP approved Protection Profile
  • Your product must conform to ALL requirements specified within the PP
  • A PP is accepted internationally at an EAL 2+
  • There are currently 37 approved Protection Profiles and even more in development
Evaluation Assurance Level
Common Criteria evaluations can be performed against a set of predetermined Evaluation Assurance Levels (EAL). The EAL is a grade given in relation to how the product addresses the functional and assurance requirements
  • There are 7 Assurance Levels
  • Each Level is more stringent then the previous one
  • The CCRA established that evaluations up to an EAL 2 be recognized by all participating countries, regardless of where the evaluation was completed

The Process: Done Once, Done Right

Corsec’s Three-Step Methodology helps to decrease risk, increase security, and accelerate sales; guaranteeing validation success – Done Once, Done Right!

Corsec Assess for FIPS 140-2. Common Criteria, and the DoDIN APL

Assess

An Assessment of Your Company & Product to Identify an Efficient Certification Path

Corsec Enhance for FIPS 140-2. Common Criteria, and the DoDIN APL

Enhance

Design Consulting to Harden Your Product Against CC Requirements

Corsec Validate for FIPS 140-2. Common Criteria, and the DoDIN APL

Validate

End-to-End Support to Guide You Through The Entire Certification Process

Corsec Assess for FIPS 140-2. Common Criteria, and the DoDIN APL

Assess

An Assessment of Your Company & Product to Identify the Most Efficient Path to Certification

Corsec Enhance for FIPS 140-2. Common Criteria, and the DoDIN APL

Enhance

Design Consulting to Harden Your Product Against CC Requirements

Corsec Validate for FIPS 140-2. Common Criteria, and the DoDIN APL

Validate

End-to-End Support to Guide You Through The Entire Certification Process
Determining the appropriate approach for your Common Criteria certification is essential; depending on your product, the path and level you pursue, your TOE, and the engineering changes required, your path to certification could alter greatly.

Have Questions? Talk To An Expert