What is Common Criteria Scheme?

• International initiative to standardize IT security evaluations between organizations in Canada, France, Germany, Netherlands, UK, USA and Australia.
• Harmonizes UK ITSEC, CTCPEC (Canada) and USFC (US) into Common Criteria for Information Technology Security Evaluation - known as Common Criteria.
• Provides international mutual recognition scheme, whereby CC certificates are also accepted by New Zealand, Greece, Italy, Israel, Norway and Spain.

What does Common Criteria (CC) provide?

• Internationally accepted criteria for security evaluations, making CC more widely recognized and accepted than ITSEC (Europe) and USTEC (US).
• Supports pre-defined security requirements and fine grained assurance levels
• Independent evaluations are carried out against pre-defined evaluation assurance levels - (EAL0-EAL7), representing ascending levels of confidence in security functions.

What is EAL4 assurance?

• Applicable for products requiring moderate to high levels of security assurance.
• Analyzes security functions to understand and evaluate security behavior using:
  • Functional and complete interface specification
  • Guidance documentation
  • High and low level design of the target of evaluation (TOE)
  • Subset of the implementation.
• EAL4 assurance can be generally mapped to UK ITSEC E3 level certification.