Evaluation of Common Criteria, FIPS 140, INTERAC (SPED), security and cryptographic products

The United States, Canada, United Kingdom, Germany, France, and the Netherlands released a jointly developed evaluation standard for a multi-national marketplace. This standard is known as the Common Criteria for Information Technology Security Evaluation (CCITSE) usually referred to as the "Common Criteria" (CC). The Common Criteria can be used for the following purposes:

User	Uses of the Common Criteria
Consumers	Enables consumers to find requirements for security features that match their own risk assessment. To shop for products that have ratings with those features. Publish their own security requirements so that vendors can design products to meet them.
Developers	Helps them select security requirements that they wish to include in their products. To design and build a product in a way that can prove to evaluators that the product meets requirements. To determine their responsibilities in supporting and evaluating their product.
Evaluators	To judge whether or not a product meets its security requirements. Provide a yardstick against which evaluations can be performed. Provide input when forming specific evaluation methods.

The Common Criteria (CC) provides a language for describing Information Technology (IT) system security requirements. The CC paradigm includes two kinds of documents for specifying security requirements, Protection Profiles (PP)s and Security Targets (ST)'s. A PP is an implementation-independent set of security requirements specifying the security needs of customers, consumers, and/or a consortium of users. A ST defines the security requirements to be used as the basis for the evaluation of a product or system. For a particular product or system, a ST may claim conformance to one or more PPs.

Evaluation of Common Criteria, FIPS 140, INTERAC (SPED), security and cryptographic products

User

Uses of the Common Criteria