- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Common Criteria and Protection Profiles: How to Evaluate Information
- Abstract
- The purpose of this paper is to discuss the standards of Common Criteria and the security framework provided by the Common Criteria. In addition, this paper will review the background and applicability of Common Criteria Protection Profiles established to evaluate specific Information Technology (IT) functional and assurance security requirements. The Common Criteria (CC) security framework establishes a methodology to apply security standards to an IT system or product and establishes the understanding of how specific Protection Profiles (PP) fit into the overall CC process. CC baselines activities for IT systems and products assurance evaluations. Developers, consumers, or evaluators of IT systems and products may use the CC security framework to institute a level of security assurance. This paper will document the CC process and explore its importance to IT security.