Common Criteria: Origins and Overview

This chapter will consider how the Common Criteria for Information Technology Security Evaluation evolved, how they are defined, and how they are used in practice. As an example, we will look at how the Common Criteria are applied to smart card evaluations. This chapter will not attempt to describe the full detail of the Common Criteria, but will explore the scope of the criteria, the infrastructure that supports their use, and how Protection Profiles and Security Targets are created to act as baselines for evaluations. As such, it acts as an introduction to the use of the Common Criteria, on which a reader can base further reading and practice in order to apply them to real-world situations.