3.3 The Common Criteria Model

The Common Criteria Model [2], formally known as International Standard ISO/IEC 15408-1, was prepared by the Joint Technical Committee ISO/IEC JTC 1, Information Technology, in collaboration with all seven of the Common Criteria Project sponsoring organizations. ISO/IEC 15408 consists of three parts that fall under the general title " Information technology ”Security techniques ”Evaluation criteria for IT security ." A breakdown of the structure is as follows :

Part 1: Introduction and general model
Part 2: Security functional requirements
Part 3: Security assurance requirements
Annexes A “D

The Common Criteria (CC) is used as a standardized framework to evaluate the security elements of IT products and systems. The advantage of having such a common criteria that forms the framework for an evaluation is obvious. The results of an IT security evaluation based on this common criteria is meaningful to a wider audience than just the organization undergoing the evaluation. The CC permits comparability of the results of independent security evaluations. This is possible because the CC provides a common set of requirements for the security functions and also provides for assurance measures that are applied to this common set of requirements during a security evaluation.

The CC evaluation process establishes a minimum level of confidence that the security functions of such IT elements and the assurance measures applied to them meet the CC standard. This minimum level or standard forms a baseline for comparison of security elements across organizations and allows development of a benchmarking capability that would otherwise be unavailable. The CC evaluation results can also be used to help consumers determine whether the IT elements are secure enough for their intended application and whether the security risks implicit in its use are tolerable. In general, one can think of CC as the yardstick by which security elements are measured and compared by and between organizations.

The CC is useful as a guide for the development of products or systems that contain IT security functions. It is also useful in the procurement process for acquiring commercial products and systems with such security functions. During an evaluation, the IT product or system is known as a Target of Evaluation (TOE). Such TOEs include, for example, operating systems, computer networks, distributed systems, and applications.

The CC also addresses the protection of information from unauthorized disclosure, modification, or loss of use. The categories of protection relating to these three types of failure of security are commonly called confidentiality, integrity, and availability. The CC is generally applicable to those aspects of IT security that fall outside of these three categories as well. The CC focuses on threats to information produced as a result of any human endeavors, malicious or otherwise. The CC applies to security measures implemented in hardware, firmware, or software. Some areas of security are considered to be outside the scope of the CC, such as certain control procedures for administrative, organizational, personnel, and physical security. The reader is encouraged to consult the CC reference for more details in this area becuse it is outside the scope of this book to discuss all of the CC.