Common Criteria (CC) is a set of standards designed to establish an effective way of determining the level of security of a Target of Evaluation (TOE). These standards were established by a multi-national board of IT security groups. In coalition with many groups that are responsible for national standards, the CC was able to take form, some of these groups criterion include:
Trusted Computer System Evaluation Criteria (TCSEC)- These standards represent the criteria needed, and trusted by the United States companies and businesses to ensure security of a TOE. The approach in these criteria is based on a security level classification.
Information Technology Security Evaluation Criteria (TCSEC)- Like its North American Counterpart, these sets of standards were designed for classifying the security levels of a TOE, limited to European countries. Unlike TCSEC, ITSEC set of standards makes use of a hierarchical system for determining security levels.
Based on the similarities and differences of TCSEC and ITSEC and the global need for IT security, it was necessary to agree upon a standardized multi-national class set to ensure assurance and compatibility across many nations, thus inspiring the design and implementation of the Common Criteria.
The purpose of the Common Criteria is to establish a single set of IT security criteria for global use. The purpose was also to resolve the conceptual and technical differences found in the different criteria and deliver the results to ISO as a proposed standard. Common Criteria was the product of multinational corporation. The globalization of this standard saves time and money because it eliminates the need for multiple evaluations when doing international business. Common Criteria focuses on security objectives and the related threats.
Source by Rita Gergi