What Is Common Criteria:

Common Criteria is an internationally recognized set of guidelines (ISO 15408) that defines a common framework for evaluating the security features and capabilities of information technology security products. It provides assurance to buyers that the process of specification, implementation, and evaluation for any certified solution was conducted in a thorough and standard manner.

The National Information Assurance Acquisition Policy, NSTISSP No. 11, requires government agencies to purchase only those commercial security products that have met specified third-party assurance requirements and have been tested by an accredited national laboratory.

Common Criteria allows you to sell into the U.S. Federal Government, international governments, and highly regulated industries around the globe. It is not only required for access to government markets, but also serves as a competitive differentiator.

Timeframe and Process:

A typical evaluation can take years to complete without proper guidance and preparation. Corsec’s support and regularly scheduled maintenance help your team avoid common pitfalls in the process and can expedite your time to certification. When done correctly, your certification will remain valid for up to two years.

Common Criteria consists of several predetermined evaluation assurance levels, each one more stringent than the last. Corsec’s turnkey solution helps you plan and execute a successful evaluation given your product’s unique market drivers, competitive landscape, and primary goals.

Worldwide Recognition:

Twenty-seven countries, including the United States and Canada, have signed the Common Criteria Recognition Arrangement (CCRA), making it an unparalleled measure of security for the international commerce of IT products.

The CCRA is a pact designed to allow all evaluations up to evaluation assurance level (EAL) 2 to gain recognition by all participating countries, regardless of where the evaluation was completed.

All evaluations completed in the U.S. must adhere to a Protection Profile, which is accepted internationally at an EAL 2+.

The requirements and features of your solution will dictate which path to certification is more suitable for your company.

Have questions about the timeframe, costs, and resource requirements for your product’s evaluation?