Key elements of the Vision included: Common Criteria certification is sometimes specified for IT procurement. The set of SARs could be. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that is commensurate with the target environment for use. One can also “overachieve” the EAL level.

Uploader: Tygozshura
Date Added: 11 July 2014

Approach 3 is used in the protection profile you refer to. This will be achieved through technical working groups developing worldwide PPs, and as yet a transition period has not been fully determined.

Part 2 catalogues the set of functional components, families, and classes. It is currently in version 3.

Canada is in the process of phasing out ISO/IEC 15408 evaluations. Whether you run Microsoft Windows in the precise evaluated configuration or not, you should apply Microsoft’s security patches for the vulnerabilities in Windows as they continue to appear.

Thanks a lot for your answers. This is possible because the process of obtaining a Common Criteria certification allows a vendor to restrict the analysis to certain security features and to make assumptions about the operating environment and the strength of threats faced by the product in that environment.


More recently, ISO/IEC authors are including cryptographic requirements for CC evaluations that would typically be covered by ISO/IEC 15408 evaluations, broadening the bounds of the CC through scheme-specific interpretations. The UK has also produced a number of alternative schemes when the timescales, costs and overheads of mutual recognition have been found to be impeding the operation of the market. If any of these security vulnerabilities are exploitable in the product’s evaluated configuration, the product’s Common Criteria certification should be voluntarily withdrawn by the vendor.

Common Criteria

Common Criteria is very generic; it does not directly provide a list of product security requirements or features for specific classes of products. Suppose you are writing a security target or protection profile targeting EAL4.

Although some have argued that both paradigms do not align well, [6] others have attempted to reconcile both paradigms. Some national evaluation schemes are phasing out EAL-based evaluations and only accept products for evaluation that claim strict conformance with an approved PP.

The evaluator has to also do things, like for example: In a research paper, computer specialist David A. Various Windows versions, including Windows Server and Windows XP, have been certified, but security patches to address security vulnerabilities are still being published by Microsoft for these Windows systems.



Common Criteria – Wikipedia

If you take a look at the table you mentioned in your first question and the list of SARs in the protection profile, you can see that not all SARs that are needed for EAL1 are included. Based on this and other assumptions, which may not be realistic for the common use of general-purpose operating systems, the claimed security functions of the Windows products are evaluated. There are no security requirements that address the need to trust external systems or the links to such systems.

A protection profile is a description of a target of evaluation together with a fixed combination of SARs and SFRs, where all dependencies among these are met. In this approach, communities of interest form around technology types which in turn develop protection profiles that define the evaluation methodology for the technology type.

Introduction and general model Part 2: Other standards containing, e.