The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard (ISO/IEC 15408) for IT product security certification. It is a framework that provides criteria for independent, scalable and globally recognized security inspections for IT products. It is especially designed for products destined for highly security-intensive markets, such as governmental, banking or military sectors. Certification according to this standard is therefore essential.
TÜV Rheinland experts are happy to support you with extensive Common Criteria consultation services during the complex evaluation process leading to final certification by a certification body.
Our Common Criteria services offer you:
Please contact us to learn more about how our Common Criteria services according to ISO 15408 can benefit your company.
We can help you select the appropriate Protection Profile, prepare the Security Target and we can also effectively support the development of all other documentation from security architecture description to the depth of testing analysis.
With our assistance you can minimize the dedicated internal resources and spending needed to achieve Common Criteria certification for your product.
We offer evaluation services via partner evaluation facilities, but we can also help if you require a certificate under a different national scheme and are looking for a CC expert who can help you overcome the difficulties of certification.
With the support of a third party contracted laboratory, we perform Common Criteria evaluations of your computer security products and systems.
In order to examine and evaluate the security of IT systems and products, experts from our partner laboratory must first define a target of evaluation (TOE) allowing for further assessment of current and applicable documentation.
Following documentation review, our experts can provide you with strategic consultancy services and assist you in document creation. The targets defined earlier are then evaluated in detail.
Upon completion of the documentation review and a thorough CC evaluation, we can provide you support and help you attain your IT product security certification.
The CC evaluation validates claims made about a safety target and verifies the target's security features by inspecting:
In an attempt to determine the level of confidence attributed to a product's security features, thorough CC evaluation from our third party contracted laboratory includes the following quality assurance processes:
The Common Criteria for Information Technology Security Evaluation or CC is the international ISO/IEC 15408 standard for the certification of computer security.
This framework provides models of Protection Profiles (PPs) - documents identifying security requirements for a specific range of security devices - to help computer users specify their security requirements, enabling computer retailers to implement appropriate and adequate security attributes. These attributes can then be officially tested and evaluated to validate compliance with all applicable requirements.
Thus, Common Criteria ensures that the specification, implementation and evaluation of a computer security product have been properly conducted.
The Common Methodology for Information Technology Security Evaluation is a document supplemental to the Common Criteria which defines the minimum actions that must be performed to conduct an acceptable CC evaluation according to the ISO 15408 standard criteria.
Formerly called the Mutual Recognition Arrangement (MRA), the CCRA is a treaty under which each signing member recognizes evaluations carried out by other parties in accordance with the Common Criteria standard. It was originally signed by Canada, France, Germany, the United Kingdom and the United States in 1998, and there are currently 26 CCRA members.