Common Criteria: Launching the International Standards
E. F. Troy
This Information Technology Laboratory (ITL) Bulletin provides an introduction and overview of the Common Criteria (CC) for Information Technology (IT) Security and describes its US and multi-national implementation. The CC is the new standard for specifying the security features of computer products and systems. The CC is intended to replace previous security criteria used in North America and Europe with a standard that can be used everywhere in the world. The CC has recently been completed by an international governmental consortium involving NIST, NSA, Canada, France, Germany, the Netherlands, the United Kingdom, and ISO experts. It is in the final stage of publication as ISO International Standard 15408.

In the US, the new international standard CC has formed the basis for the National Information Assurance Partnership (NIAP), a joint activity of NIST and NSA to establish an IT product security evaluation program supported by a number of accredited, independent testing labs. The main goals of NIAP are to establish cost-effective evaluation of security-capable IT products and to promote the wide availability of tested products to Federal agencies and others, thus playing a crucial role in helping to protect the US information infrastructure.