Introduction to Common Criteria
ISO/IEC 15408 Common Criteria for Information Security Evaluation consists of three parts:
- ISO/IEC 15408-1 (CC Part 1) contains an introduction, a description of the risk management model, a description of assurance development, and the structure of the documents needed for the certification of an IT product or system;
- ISO/IEC 15408-2 (CC Part 2) contains a catalogue of functional components used for modelling functional security requirements;
- ISO/IEC 15408-3 (CC Part 3) contains a catalogue of assurance components used for modelling security assurance requirements.
CC documentation is available at https://www.commoncriteriaportal.org/
Common Criteria – for whom and why?
The standard is useful for business organizations, IT developers, managers, and everyone engaged in the development of secure and reliable IT products.
CCMODE products offered to clients:
- design patterns for documentation,
- CCMODE Tools computer-aided system,
- implementation and maintenance of the CCMODE Tools system at the client's premises,
- knowledge, experience, best practices,
- training, workshops and consultations,
- assistance in security analyses,
- assistance in documentation development,
- audits of development environments for compliance with CC,
- product evaluation for compliance with a given EAL,
- SecLab EMAG.
Detailed information about CCMODE products is available under "Cooperation opportunities".