Talk With an Expert

Common Criteria and Protection Profiles: How to Evaluate Information

Common Criteria and Protection Profiles: How to Evaluate Information (PDF, 2.02MB)Published: 03 Jun, 2003
Created by
Kathryn Wallace

The purpose of this paper is to discuss the standards of Common Criteria and the security framework provided by the Common Criteria. In addition, this paper will review the background and applicability of Common Criteria Protection Profiles established to evaluate specific Information Technology (IT) functional and assurance security requirements. The Common Criteria (CC) security framework establishes a methodology to apply security standards to an IT system or product and establishes the understanding of how specific Protection Profiles (PP) fit into the overall CC process. CC baselines activities for IT systems and products assurance evaluations. Developers, consumers, or evaluators of IT systems and products may use the CC security framework to institute a level of security assurance. This paper will document the CC process and explore its importance to IT security.