Skip to main content

Common Criteria

Common Criteria also known as CC is an international set of guidelines and specifications for evaluating information security products specifically designed to ensure that they meet an agreed upon security standard for government activities. CC is also more formally known as Common Criteria for Information Technology Security Evaluation.

How does Common Criteria (CC) work?

Common Criteria has two main components:

A Protection Profile (PPro) defines a standard set of security requirements for a particular type of product, such as a firewall.
The rating security level defines how thoroughly the product is tested. Rating security levels are scaled from 1 to 7.

To submit a product for evaluation, the vendor must first complete a description that includes an overview of the product and the product’s security features, an assessment of potential security threats, and a vendor self-assessment. The lab then tests the product to verify the product’s security features and assess how well it meets the specifications defined in the protection profile. The results of a successful assessment form the basis for official certification of the product. The goal of CC certification is to assure customers that the vendor’s security claims have been verified by a neutral third party.

In addition, of importance to you may be yslow. Learn more here:

To the article

Do you have any more questions?

Please contact us


Further contents