google-site-verification: googlebc47d07320294fb4.html

7 Interesting Facts About Common Criteria

Home Business Magazine Online

Common Criteria for Information Technology Security Evaluation (CC) is an internationally accepted and scalable set of cybersecurity certification standards (ISO 15408). Common Criteria certification ensures that the assessments of the relevant IT product were completed to consistently high criteria, in a rigorous, standardized, and repeatable manner. This article provides insight into this topic and presents 7 interesting facts about Common Criteria.

1. Internationally recognized IT security certification

Originally, Common Criteria was developed in collaboration with six countries: Germany, France, the United Kingdom, the Netherlands, Canada, and the United States. Today, Common Criteria are the driving force behind the broadest mutual acceptance of secure IT products available. It is recognized by the 31 CCRA member countries and valued by their Federal and Government entities.

2. CC evaluation process can improve the assessed IT product

The Common Criteria evaluation process enhances an IT product or system by exposing vulnerabilities that may be fixed before introducing it to the market. This also helps to avoid costly post-release updates. Furthermore, Common Criteria certification is an effective tool for keeping the business environment competitive. In order to compete with other well-established cybersecurity solutions that have previously been assessed, CC evaluation and certification are critical for the given IT product.

3. Three essential parties are involved in a Common Criteria certification process

There are three primary parties involved in the Common Criteria evaluation process:

  1.  The Certification Body is responsible for issuing Common Criteria certifications.
  2.  Sponsors and developers that submit their system or IT product for evaluation. In the case of large companies, this role is often the same.
  3.  The independent and authorized laboratory that carries out the assessment.

4. A total of 7 Evaluated Assurance Levels are defined in the Common Criteria

Before starting the assessment procedure, the Sponsor or Developer has to select the Evaluated Assurance Level against which the Common Criteria evaluation will be performed.

There are 7 EAL levels defined in the Common Criteria:

  • EAL1: Functionally Tested
  • EAL2: Structurally Tested
  • EAL3: Methodically Tested and Checked
  • EAL4: Methodically Designed, Tested, and Reviewed
  • EAL5: Semi-Formally Designed and Tested
  • EAL6: Semi-Formally Verified Design and Tested
  • EAL7: Formally Verified Design and Tested

5. There is a slow but steady growth in the number of Common Criteria certifications worldwide

Since 2010, a total of 1645 IT products have been certified, with 589 of them being ICs, smart cards, smart card-related devices, and systems. Other popular product categories include Network and Network-Related Devices (237 Common Criteria certifications) and Multi-Function Devices (233 CC certifications). Aside from these, several Operating Systems, Databases, Access Control Devices, Boundary Protection Devices, and Systems passed the Common Criteria assessment process successfully.

In recent years, the number of issued certifications has increased by an average of 10%.

Data source:
Data source:

6. New Zealand became a certificate-consuming country

After many years of the close alliance between Australia and New Zealand in managing the Australasian Certification Authority, New Zealand has opted to give up its authorizing position and remain a certificate-consuming nation in the CCRA. This is to more accurately represent New Zealand’s contribution to the Australasian Information Security Evaluation Program (AISEP) and the CCRA. The AISEP program name has been modified from ‘Australasian’ to ‘Australian’ to better represent the program’s status as a certificate authorizing nation of the CCRA. These modifications took effect in October 2021.

7. EUCC is replacing the European SOGIS mutual recognition agreement

The EUCC cybersecurity system developed by ENISA (the European Union Agency for Cybersecurity) will take the place of the existing European SOGIS mutual recognition agreement (Senior Officers Group for Information Systems). EUCC is a Common Criteria-based certification system that combines the globally acknowledged, proven methodologies of Common Criteria with new concepts to give stakeholders a contemporary and flexible solution, such as patch management for certified systems and products.

The post 7 Interesting Facts About Common Criteria appeared first on Home Business Magazine.

Original source:

16 thoughts on “7 Interesting Facts About Common Criteria”

  1. I loved as much as you will receive carried out right here.
    The sketch is tasteful, your authored subject matter stylish.
    nonetheless, you command get got an shakiness over that you
    wish be delivering the following. unwell unquestionably come further formerly again since exactly the same nearly
    very often inside case you shield this hike.

  2. I think what you said was very logical. However, what about this?
    what if you were to write a killer headline? I ain’t
    suggesting your information is not solid., but what if you added a title that
    grabbed folk’s attention? I mean 7 Interesting Facts About Common Criteria – Moneysource1 is a
    little boring. You could look at Yahoo’s home page and see how they create news
    headlines to get viewers to open the links. You
    might add a related video or a picture or
    two to grab readers excited about what you’ve written.
    Just my opinion, it could make your posts a little livelier.

  3. I am actually delighted to glance at this web site posts
    which consists of plenty of helpful information, thanks for providing these kinds
    of statistics.

  4. Wonderful web site. Lots of useful info here. I am sending it to a
    few pals ans additionally sharing in delicious.
    And naturally, thank you to your sweat!

  5. Simply wish to say your article is as astonishing. The clarity
    in your post is simply cool and i can assume you’re an expert on this subject.
    Fine with your permission let me to grab your feed to keep updated with forthcoming post.
    Thanks a million and please keep up the enjoyable work.

  6. When I initially commented I clicked the
    “Notify me when new comments are added” checkbox and now each time a comment is added
    I get three emails with the same comment. Is there any way you can remove me from that service?

    Appreciate it!

  7. I do believe all of the concepts you have offered to
    your post. They’re really convincing and will definitely work.
    Nonetheless, the posts are too quick for beginners.
    Could you please extend them a little from subsequent time?
    Thank you for the post.

Leave a Reply

Your email address will not be published. Required fields are marked *

+ +