Using the Common Criteria for IT Security Evaluation

Introduction
    Background
    Purpose
    Scope
    Intended Audience
    Organization

What Are the Common Criteria?
    History
    Purpose and Intended Use
    Major Components of the Methodology and How They Work
    Relationship to Other Standards
    CC User Community and Stakeholders
    Future of the CC
    Summary
    Discussion Problems

Specifying Security Requirements: The Protection Profile
    Purpose
    Structure
        Introduction
        TOE Description
        TOE Security Environment
        Security Objectives
        Security Requirements
        PP Application Notes
        Rationale
    Summary
    Discussion Problems

Designing a Security Architecture: The Security Target
    Purpose
    Structure
        Introduction
        TOE Description
        Security Environment
        Security Objectives
        Security Requirements
        TOE Summary Specification
        PP Claims
        Rationale
    Summary
    Discussion Problems

Verifying a Security Solution: Security Assurance Activities
    Purpose
    ISO/IEC 15408-3
    Common Evaluation Methodology (CEM)
    National Evaluation Schemes
    Interpretation of Results
    Relation to Security Certification and Accreditation (C&A) Activities
    Summary
    Discussion Problems

Postscript
    ASE - Security Target Evaluation
    AVA - Vulnerability Analysis and Penetration Testing
    Services Contracts
    Schedules for New CC Standards (ISO/IEC and CCIMB)

Annex A: Glossary of Acronyms and Terms

Annex B: Additional Resources
    Standards, Regulations, and Policy (Historical and Current)
    Publications
    Online Resources

Annex C: Common Criteria Recognition Agreement (CCRA) Participants
    Australia and New Zealand Defence Signals Directorate
    Canada
    Finland
    France
    Germany
    Greece
    Israel
    Italy
    The Netherlands
    Norway
    Spain
    Sweden
    United Kingdom
    United States

Annex D: Accredited Common Criteria Evaluation Labs
    Australia and New Zealand
    Canada
    France
    Germany
    United Kingdom
    United States

Annex E: Accredited Cryptographic Module Testing Laboratories
    Canada
    United States

Annex F: Glossary of Classes and Families