Common Criteria for Information Technology Security Evaluation (CC)

Last Updated: January 1, 2012

Definition - What does Common Criteria for Information Technology Security Evaluation (CC) mean?

The Common Criteria for Information Technology Security Evaluation (CC) is an international standard based on computer security product and system evaluations. CC provides guidance on required functionality and assurance for security-related products and other items in a specific environment. CC evaluations are conducted for product consumers, users, technology developers and evaluators.

CC is also known as ISO/IEC 15408.

Free White Paper: "AI in the Insurance Industry: 26 Real-World Use Cases" | Discover what the future of insurance holds and how AI innovation can be used to hit the mark even more precisely.

Techopedia explains Common Criteria for Information Technology Security Evaluation (CC)

A CC evaluation is performed on a Target of Evaluation (TOE), including separate or combined hardware, firmware and software. Not always a full IT product, a TOE may be a newly developed item or consolidated package and configured as follows:

Software application only
OS only
Software application and OS
Software application, OS and workstation
OS and workstation
Smart card integrated circuit only
Cryptographic coprocessor only (a smart card integrated circuit component)
Local area network (LAN), including terminals, network equipment, software and servers
Database application only (without remote client software)

A TOE may take the form of a configuration management system file list, master copy, packaged CD-ROM/customer user manual or previously installed and operational state.

A CC has three components:

General CC/TOE model and introduction: Provides a basic TOE evaluation outline
Security function component section: Relates common IT product and technology security requirements
Security assurance component section: Relates common IT product and technology assurance requirements