Common Criteria

Certify your product to meet Regulated Industry and Government requirements for information assurance

What Is Common Criteria?

Common Criteria is an internationally recognized set of guidelines (ISO 15408) that define a common framework for evaluating the security features and capabilities of Information Technology security products against functional and assurance requirements.
Once completed, it provides assurance to buyers that the process of specification, implementation and evaluation for any certified computer security solution was conducted in a thorough and standard manner.

The Standard: Common Criteria

The National Information Assurance Acquisition Policy, NSTISSP No. 11, requires government agencies to purchase only those commercial security products that have met specified third-party assurance requirements and have been tested by an accredited national laboratory.
Completing your Common Criteria evaluation allows you to sell your solutions to the U.S. Federal Government, International Governments, and other highly regulated industries around the globe.

The Paths: Security Requirements

Twenty-seven countries, including the United States and Canada, have signed the Common Criteria Recognition Arrangement (CCRA), making it an unparalleled measure of security for the international commerce of IT products.
There are two available paths to completing Common Criteria certification. The requirements and features of your solution will dictate which path is more suitable for your company.
Evaluation Assurance Level
Common Criteria evaluations can be performed against a set of seven predetermined Evaluation Assurance Levels (EAL). The EAL is a grade given in relation to how the product addresses the functional and assurance requirements, with each level more stringent than the last.
The CCRA established that evaluations up to an EAL 2 be recognized by all participating countries, regardless of where the evaluation was completed.
These are the 7 Assurance Levels:
  1. Functionally Tested
  2. Structurally Tested
  3. Methodically Tested and Checked
  4. Methodically Designed, Tested, and Reviewed
  5. Semi-Formally Designed and Tested
  6. Semi-Formally Verified Design and Tested
  7. Formally Verified Design and Tested
Protection Profile
A Protection Profile (PP) is a product-specific set of security criteria. Each “product profile” contains varying requirements that must be addressed to pass CC certification.
  All CC evaluations completed in the U.S. must adhere to a NIAP-approved Protection Profile
  Your product must conform to ALL requirements specified within the PP
  A PP is accepted internationally at an EAL 2+
  There are currently 37 approved Protection Profiles and even more in development

The Process: Done Once, Done Right

Corsec’s Three-Step Methodology helps to decrease risk, increase security, and accelerate sales, guaranteeing validation success – Done Once, Done Right!

Assess

An Assessment of Your Company & Product to Identify an Efficient Certification Path

Enhance

Design Consulting to Harden Your Product Against CC Requirements

Validate

End-to-End Support to Guide You Through The Entire Certification Process

Determining the appropriate approach for your Common Criteria certification is essential: depending on your product, the path and level you pursue, your TOE, and the engineering changes required, your path to certification could vary greatly.
