Appendix B. Common Criteria for Information Technology Security Evaluation

Note: The following reference information was obtained from the official Common Criteria website (www.commoncriteria.org). Please refer to the site for complete details. Detailed documents are available for download in portable document format (PDF). Some can be quite large. I examined one that was 368 pages and over 1 megabyte in size.

BACKGROUND

The Common Criteria (CC) was created to harmonize various information technology (IT) security evaluation standards in the United States, Europe, and Canada. The Common Criteria includes concepts of the U.S. Trusted Computer System Evaluation Criteria (TCSEC, 1985, also known as The Orange Book); the European Information Technology Security Evaluation Criteria (ITSEC, 1991); and the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC, 1993). Version 1.0 of the CC was published for comment in January 1996. Version 2.0 was published in May 1998. The International Organization for Standardization (ISO) reviewed version 2.0 and adopted a revised version 2.1 of the CC as an international standard (#15408) in June 1999.

SPONSORING ORGANIZATIONS

The seven organizations sponsoring development of the CC are:

  • Communications Security Establishment (Canada)

  • Service Central de la Securite des Systemes (France)

  • Bundesamt fur Sicherheit in der Informationstechnik (Germany)

  • Netherlands National Communications Security Agency (Netherlands)

  • Communications-Electronics Security ...
