ALERT

[LAST CHANCE] Data Layer: Modern Business, Defined

Common Criteria for Information Technology Security Evaluation (CC)

Definition - What does Common Criteria for Information Technology Security Evaluation (CC) mean?

The Common Criteria for Information Technology Security Evaluation (CC) is an international standard based on computer security product and system evaluations. CC provides guidance on required functionality and assurance for security-related products and other items in a specific environment. CC evaluations are conducted for product consumers, users, technology developers and evaluators.

CC is also known as ISO/IEC 15408.

Techopedia explains Common Criteria for Information Technology Security Evaluation (CC)

A CC evaluation is performed on a Target of Evaluation (TOE), including separate or combined hardware, firmware and software. Not always a full IT product, a TOE may be a newly developed item or consolidated package and configured as follows:

  • Software application only
  • OS only
  • Software application and OS
  • Software application, OS and workstation
  • OS and workstation
  • Smart card integrated circuit only
  • Cryptographic coprocessor only (a smart card integrated circuit component)
  • Local area network (LAN), including terminals, network equipment, software and servers
  • Database application only (without remote client software)
A TOE may take the form of a configuration management system file list, master copy, packaged CD-ROM/customer user manual or previously installed and operational state.

A CC has three components:
  • General CC/TOE model and introduction: Provides a basic TOE evaluation outline
  • Security function component section: Relates common IT product and technology security requirements
  • Security assurance component section: Relates common IT product and technology assurance requirements

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
Tweat cdn.techopedia.com
"Techopedia" on Twitter


'@Techopedia'
Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Resources
The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.