523:, have been certified, but security patches to address security vulnerabilities are still getting published by Microsoft for these Windows systems. This is possible because the process of obtaining a Common Criteria certification allows a vendor to restrict the analysis to certain security features and to make certain assumptions about the operating environment and the strength of threats faced by the product in that environment. Additionally, the CC recognizes a need to limit the scope of evaluation in order to provide cost-effective and useful security certifications, such that evaluated products are examined to a level of detail specified by the assurance level or PP. Evaluations activities are therefore only performed to a certain depth, use of time, and resources and offer reasonable assurance for the intended environment.
193:– the numerical rating describing the depth and rigor of an evaluation. Each EAL corresponds to a package of security assurance requirements (SARs, see above) which covers the complete development of a product, with a given level of strictness. Common Criteria lists seven levels, with EAL 1 being the most basic (and therefore cheapest to implement and evaluate) and EAL 7 being the most stringent (and most expensive). Normally, an ST or PP author will not select assurance requirements individually but choose one of these packages, possibly 'augmenting' requirements in a few areas with requirements from a higher level. Higher EALs
126:) relevant to that user for a particular purpose. Product vendors can choose to implement products that comply with one or more PPs, and have their products evaluated against those PPs. In such a case, a PP may serve as a template for the product's ST (Security Target, as defined below), or the authors of the ST will at least ensure that all requirements in relevant PPs also appear in the target's ST document. Customers looking for particular types of products can focus on those certified against the PP that meets their requirements.
184:– descriptions of the measures taken during development and evaluation of the product to assure compliance with the claimed security functionality. For example, an evaluation may require that all source code is kept in a change management system, or that full functional testing is performed. The Common Criteria provides a catalogue of these, and the requirements may vary from one evaluation to the next. The requirements for particular targets or types of products are documented in the ST and PP, respectively.
651:, a certificate can only be withdrawn when it was issued under misconception, e.g., when it turns out that wrong evidence was submitted. After a certificate is issued, it must be presumed that the validity of the certificate decreases over time by improved and new attacks being discovered. Certification bodies can issue maintenance reports and even perform a re-certification of the product. These activities, however, have to be initiated and sponsored by the vendor.
3592:
530:"Any other systems with which the TOE communicates are assumed to be under the same management control and operate under the same security policy constraints. The TOE is applicable to networked or distributed environments only if the entire network operates under the same constraints and resides within a single management domain. There are no security requirements that address the need to trust external systems or the communications links to such systems."
546:
product's Common
Criteria certification should be voluntarily withdrawn by the vendor. Alternatively, the vendor should re-evaluate the product to include the application of patches to fix the security vulnerabilities within the evaluated configuration. Failure by the vendor to take either of these steps would result in involuntary withdrawal of the product's certification by the certification body of the country in which the product was evaluated.
167:. The list of SFRs can vary from one evaluation to the next, even if two targets are the same type of product. Although Common Criteria does not prescribe any SFRs to be included in an ST, it identifies dependencies where the correct operation of one function (such as the ability to limit access according to roles) is dependent on another (such as the ability to identify individual roles).
456:) and membership continues to expand. Within the CCRA only evaluations up to EAL 2 are mutually recognized (Including augmentation with flaw remediation). The European countries within the SOGIS-MRA typically recognize higher EALs as well. Evaluations at EAL5 and above tend to involve the security requirements of the host nation's government.
538:(CAPP) to which their products adhere. Based on this and other assumptions, which may not be realistic for the common use of general-purpose operating systems, the claimed security functions of the Windows products are evaluated. Thus they should only be considered secure in the assumed, specified circumstances, also known as the
654:
While several Common
Criteria certified products have been affected by the ROCA flaw, vendors' responses in the context of certification have been different. For some products a maintenance report was issued, which states that only RSA keys with a length of 3072 and 3584 bits have a security level of
715:
oriented approach towards evaluation. In this approach, communities of interest form around technology types which in turn develop protection profiles that define the evaluation methodology for the technology type. The objective is a more robust evaluation. There is some concern that this may have a
576:
Evaluation focuses primarily on assessing the evaluation documentation, not on the actual security, technical correctness or merits of the product itself. For U.S. evaluations, only at EAL5 and higher do experts from the
National Security Agency participate in the analysis; and only at EAL7 is full
459:
In
September 2012, a majority of members of the CCRA produced a vision statement whereby mutual recognition of CC evaluated products will be lowered to EAL 2 (Including augmentation with flaw remediation). Further, this vision indicates a move away from assurance levels altogether and evaluations
607:
raised concerns over the lack of control over the actual production of the products once they are certified, the absence of a permanently staffed organizational body that monitors compliance, and the idea that the trust in the Common
Criteria IT-security certifications will be maintained across
447:
As well as the Common
Criteria standard, there is also a sub-treaty level Common Criteria MRA (Mutual Recognition Arrangement), whereby each party thereto recognizes evaluations against the Common Criteria standard done by other parties. Originally signed in 1998 by Canada, France, Germany, the
507:
Common
Criteria certification cannot guarantee security, but it can ensure that claims about the security attributes of the evaluated product were independently verified. In other words, products evaluated against a Common Criteria standard exhibit a clear chain of evidence that the process of
299:
CC was produced by unifying these pre-existing standards, predominantly so that companies selling computer products for the government market (mainly for
Defence or Intelligence use) would only need to have them evaluated against one set of standards. The CC was developed by the governments of
89:
the products to determine if they actually meet the claims. In other words, Common
Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is
545:
Whether you run
Microsoft Windows in the precise evaluated configuration or not, you should apply Microsoft's security patches for the vulnerabilities in Windows as they continue to appear. If any of these security vulnerabilities are exploitable in the product's evaluated configuration, the
139:
of the target of evaluation. The ST may claim conformance with one or more PPs. The TOE is evaluated against the SFRs (Security Functional Requirements. Again, see below) established in its ST, no more and no less. This allows vendors to tailor the evaluation to accurately match the intended
568:
columnist William Jackson critically examined Common Criteria methodology and its US implementation by the Common Criteria Evaluation and Validation Scheme (CCEVS). In the column executives from the security industry, researchers, and representatives from the National Information Assurance
346:
655:
at least 100 bits, while for some products the maintenance report does not mention that the change to the TOE affects certified cryptographic security functionality, but concludes that the change is at the level of guidance documentation and has no effect on assurance.
144:
management system, and that different firewalls may in fact be evaluated against completely different lists of requirements. The ST is usually published so that potential customers may determine the specific security features that have been certified by the
105:– the product or system that is the subject of the evaluation. The evaluation serves to validate claims made about the target. To be of practical use, the evaluation must verify the target's security features. This is done through the following:
460:
will be confined to conformance with Protection Profiles that have no stated assurance level. This will be achieved through technical working groups developing worldwide PPs, and as yet a transition period has not been fully determined.
1173:
627:
in Germany issued Common Criteria certificates for the vulnerable products. The Security Target of the evaluated product claimed that RSA keys are generated according to the standard algorithm. In response to this vulnerability,
239:
Some national evaluation schemes are phasing out EAL-based evaluations and only accept products for evaluation that claim strict conformance with an approved PP. The United States currently only allows PP-based evaluations.
212:
Common Criteria certification is sometimes specified for IT procurement. Other standards containing, e.g., interoperation, system management, user training, supplement CC and other product standards. Examples include the
351:
235:
More recently, PP authors are including cryptographic requirements for CC evaluations that would typically be covered by FIPS 140-2 evaluations, broadening the bounds of the CC through scheme-specific interpretations.
699:
System Evaluation (SYSn) and Fast Track Approach (FTA) schemes for assurance of government systems rather than generic products and services, which have now been merged into the CESG Tailored Assurance Service (CTAS)
679:
Throughout the lifetime of CC, it has not been universally adopted even by the creator nations, with, in particular, cryptographic approvals being handled separately, such as by the Canadian / US implementation of
580:
The effort and time necessary to prepare evaluation evidence and other evaluation-related documentation is so cumbersome that by the time the work is completed, the product in evaluation is generally obsolete.
269:– The Canadian standard followed from the US DoD standard, but avoided several problems and was used jointly by evaluators from both the U.S. and Canada. The CTCPEC standard was first published in May 1993.
448:
United Kingdom and the United States, Australia and New Zealand joined 1999, followed by Finland, Greece, Israel, Italy, the Netherlands, Norway and Spain in 2000. The Arrangement has since been renamed
335:
1177:
90:
commensurate with the target environment for use. Common Criteria maintains a list of certified products, including operating systems, access control systems, databases, and key management systems.
4261:
2918:
632:
now plans to improve transparency by requiring that the certification report at least specifies if the implemented proprietary cryptography is not exactly conformant to a recommended standard.
553:
without including the application of any Microsoft security vulnerability patches in their evaluated configuration. This shows both the limitation and strength of an evaluated configuration.
640:
357:
584:
487:
Common Criteria is very generic; it does not directly provide a list of product security requirements or features for specific (classes of) products: this follows the approach taken by
723:
In Sept of 2012, the Common Criteria published a Vision Statement implementing to a large extent Chris Salter's thoughts from the previous year. Key elements of the Vision included:
691:
The UK has also produced a number of alternative schemes when the timescales, costs and overheads of mutual recognition have been found to be impeding the operation of the market:
255:– The European standard, developed in the early 1990s by France, Germany, the Netherlands and the UK. It too was a unification of earlier work, such as the two UK approaches (the
727:
Technical Communities will be focused on authoring Protection Profiles (PP) that support their goal of reasonable, comparable, reproducible and cost-effective evaluation results
573:
Evaluation is a costly process (often measured in hundreds of thousands of US dollars) – and the vendor's return on that investment is not necessarily a more secure product.
562:
295:) in the late 1970s and early 1980s. The central thesis of the Orange Book follows from the work done by Dave Bell and Len LaPadula for a set of protection mechanisms.
666:
by the vendors. This information, however, did not reach in a timely manner the Estonian authorities who had deployed the vulnerable product on more than 750,000
615:
was found in a list of Common Criteria certified smart card products. The vulnerability highlighted several shortcomings of Common Criteria certification scheme:
407:
1252:
619:
The vulnerability resided in a homegrown RSA key generation algorithm that has not been published and analyzed by the cryptanalysis community. However, the
4131:
2430:
1131:
400:
639:
Even though the certification bodies are now aware that the security claims specified in the Common Criteria certificates do not hold anymore, neither
371:
260:
4126:
2425:
603:
paradigms. Although some have argued that both paradigms do not align well, others have attempted to reconcile both paradigms. Political scientist
1148:
906:
114:– a document, typically created by a user or user community, which identifies security requirements for a class of security devices (for example,
3628:
2647:
2435:
1930:
1308:
819:
604:
396:
292:
47:
930:
730:
Evaluations should be done against these PP's if possible; if not mutual recognition of Security Target evaluations would be limited to EAL2.
707:(CCT Mark), which is aimed at handling less exhaustive assurance requirements for products and services in a cost and time efficient manner.
463:
On July 2, 2014, a new CCRA was ratified per the goals outlined within the 2012 vision statement. Major changes to the Arrangement include:
340:
2152:
418:
467:
Recognition of evaluations against only a collaborative Protection Profile (cPP) or Evaluation Assurance Levels 1 through 2 and ALC_FLR.
3122:
155:
which may be provided by a product. The Common Criteria presents a standard catalogue of such functions. For example, a SFR may state
4485:
3227:
3147:
2938:
2933:
2779:
473:
A transition plan from the previous CCRA, including recognition of certificates issued under the previous version of the Arrangement.
173:
The evaluation process also tries to establish the level of confidence that may be placed in the product's security features through
51:
2945:
1242:
595:(FOSS)-centric organizations and development models. Common Criteria assurance requirements tend to be inspired by the traditional
978:
1299:
659:
648:
644:
633:
629:
624:
591:
In a 2006 research paper, computer specialist David A. Wheeler suggested that the Common Criteria process discriminates against
3935:
3478:
1668:
884:
140:
capabilities of their product. This means that a network firewall does not have to meet the same functional requirements as a
1840:
197:
necessarily imply "better security", they only mean that the claimed security assurance of the TOE has been more extensively
4506:
4236:
3547:
3348:
2871:
2254:
1845:
1815:
535:
378:
1064:
470:
The emergence of international Technical Communities (iTC), groups of technical experts charged with the creation of cPPs.
432:
3621:
3192:
2522:
2319:
331:(SCC) under Program for the Accreditation of Laboratories (PALCAN) accredits Common Criteria Evaluation Facilities (CCEF)
276:
1111:
232:, give the specifications for cryptographic modules, and various standards specify the cryptographic algorithms in use.
1643:
620:
309:
2719:
1743:
491:, but has been a source of debate to those used to the more prescriptive approach of other earlier standards such as
1237:
1191:
954:
4511:
3283:
2455:
2299:
1174:"Common Criteria "Reforms"—Sink or Swim-- How should Industry Handle the Revolution Brewing with Common Criteria?"
907:"Arrangement on the Recognition of Common Criteria Certificates in the field of Information Technology Security"
4381:
3614:
3378:
3373:
3132:
3080:
1192:"CCRA Management Committee Vision statement for the future direction of the application of the CC and the CCRA"
1128:
1019:
Wäyrynen, J.; Bodén, M.; Boström, G. "Security Engineering and eXtreme Programming: An Impossible Marriage?".
4141:
3671:
3172:
2502:
2015:
1663:
592:
17:
745:
385:
3517:
2995:
1292:
780:
328:
205:
So far, most PPs and most evaluated STs/certified products have been for IT components (e.g., firewalls,
198:
4056:
4051:
3753:
3681:
3177:
3085:
3035:
2794:
2127:
2122:
1521:
1155:
750:
600:
550:
188:
3443:
3388:
3167:
3152:
2410:
1830:
1326:
823:
508:
specification, implementation, and evaluation has been conducted in a rigorous and standard manner.
287:. The Orange Book originated from Computer Security work including the Anderson Report, done by the
4406:
3491:
3398:
3187:
3162:
2374:
2369:
288:
1088:
4046:
3045:
2587:
2577:
2572:
2147:
2132:
2072:
1506:
1501:
1461:
740:
228:
implementation within the TOE are outside the scope of the CC. Instead, national standards, like
1222:
4516:
3595:
3363:
3353:
2482:
1900:
1481:
1285:
1149:"Common Criteria Reforms: Better Security Products Through Increased Cooperation with Industry"
667:
218:
43:
4186:
4076:
3637:
2784:
2294:
1516:
1486:
1379:
1369:
1330:
1322:
760:
263:
Green Book aimed at commercial use), and was adopted by some other countries, e.g. Australia.
85:
or make claims about the security attributes of their products, and testing laboratories can
1272:
623:
TĂśV Informationstechnik GmbH (TĂśViT) in Germany approved its use and the certification body
4454:
4421:
4286:
3855:
3542:
3448:
3182:
3157:
3000:
2841:
2592:
2279:
2082:
1955:
1738:
599:
software development methodology. In contrast, much FOSS software is produced using modern
123:
8:
4386:
3383:
1262:
996:
516:
425:
4361:
4341:
3328:
3263:
1603:
975:
712:
663:
612:
109:
78:
1267:
997:"Free-Libre / Open Source Software (FLOSS) and Software Assurance / Software Security"
2157:
775:
174:
119:
98:
Common Criteria evaluations are performed on computer security products and systems.
55:
799:
4011:
2891:
2632:
1960:
1277:
1024:
892:
206:
3501:
3222:
3127:
2809:
2804:
2799:
2284:
2247:
2242:
2237:
2232:
2227:
2222:
2217:
1227:
1135:
1028:
982:
844:
596:
569:
Partnership (NIAP) were interviewed. Objections outlined in the article include:
389:
130:
74:
636:
does not plan on requiring the proprietary algorithm to be published in any way.
356:(CESTI). Evaluations are done according to norms and standards specified by the
2789:
2537:
2349:
2212:
2202:
2197:
2192:
2187:
2182:
2177:
2172:
2167:
1536:
1526:
976:
Under Attack: Common Criteria has loads of critics, but is it getting a bum rap
439:
Characteristics of these organizations were examined and presented at ICCC 10.
284:
164:
1065:"Common Criteria meets Realpolitik - Trust, Alliances, and Potential Betrayal"
4500:
4464:
4459:
4449:
4444:
4439:
4431:
4426:
4416:
4401:
4396:
4351:
4336:
4331:
4326:
4316:
4306:
4296:
4291:
4271:
4266:
4256:
4231:
4221:
4211:
4176:
4171:
4161:
4156:
4146:
4121:
4116:
3577:
3552:
3537:
3473:
3468:
3463:
3458:
3453:
3298:
3243:
3212:
3202:
3065:
3055:
3025:
3020:
2970:
2950:
2928:
2913:
2866:
2831:
2774:
2769:
2759:
2637:
2582:
2557:
2552:
2532:
2405:
1945:
1384:
1354:
1232:
1115:
770:
225:
214:
374:
evaluates and certifies IT products at assurance levels EAL 1 through EAL 4.
316:, and certification bodies will normally be approved against ISO/IEC 17065.
4411:
4391:
4111:
4086:
4071:
4066:
4061:
4041:
4036:
4031:
4026:
4021:
4016:
4006:
4001:
3996:
3696:
3438:
3408:
3268:
2612:
2607:
2470:
2465:
2460:
2379:
2324:
2274:
2207:
2162:
2137:
2067:
2062:
2057:
2052:
2047:
2005:
1970:
1880:
1875:
1703:
1511:
711:
In early 2011, NSA/CSS published a paper by Chris Salter, which proposed a
662:, the users of the certified end products should have been informed of the
864:
414:
345:(COFRAC) accredits Common Criteria evaluation facilities, commonly called
3986:
3778:
3748:
3741:
3736:
3413:
3110:
3105:
3100:
2684:
2601:
1573:
962:
1217:
1043:
4356:
4281:
4196:
4136:
3403:
3308:
3015:
2990:
2754:
2709:
2445:
2102:
1915:
1808:
1803:
1798:
1758:
1733:
1608:
1364:
755:
520:
229:
115:
1258:
OpenCC Project – free Apache license CC docs, templates and tools
259:
UK Evaluation Scheme aimed at the defence/intelligence market and the
4469:
4246:
4181:
3970:
3965:
3960:
3955:
3950:
3940:
3930:
3925:
3915:
3910:
3905:
3900:
3890:
3885:
3880:
3865:
3860:
3850:
3845:
3840:
3830:
3825:
3820:
3815:
3810:
3805:
3800:
3795:
3773:
3768:
3758:
3731:
3726:
3716:
3711:
3706:
3701:
3691:
3686:
3676:
3661:
3656:
3651:
3572:
3567:
3562:
3557:
3532:
3522:
3483:
3433:
3428:
3423:
3418:
3323:
3318:
3313:
3303:
3293:
3278:
3258:
3253:
3248:
3197:
3142:
3137:
3117:
3095:
3075:
3030:
3010:
2965:
2960:
2955:
2923:
2886:
2876:
2861:
2856:
2851:
2836:
2821:
2816:
2744:
2739:
2734:
2714:
2704:
2699:
2694:
2679:
2674:
2622:
2617:
2597:
2567:
2542:
2527:
2497:
2450:
2440:
2420:
2415:
2400:
2395:
2309:
2030:
2025:
1920:
1566:
1561:
1556:
1551:
1546:
1454:
1449:
1444:
1439:
512:
320:
313:
347:
Centre d'évaluation de la sécurité des technologies de l'information
4321:
3895:
3875:
3835:
3790:
3721:
3666:
3207:
2985:
2689:
2517:
2354:
2344:
2329:
2304:
2289:
2264:
2259:
2142:
2117:
2112:
2097:
2092:
2087:
2077:
2042:
2037:
2020:
2000:
1995:
1990:
1985:
1980:
1975:
1965:
1950:
1940:
1935:
1925:
1910:
1905:
1895:
1890:
1885:
1870:
1865:
1860:
1855:
1850:
1835:
1820:
1793:
1788:
1783:
1778:
1773:
1768:
1763:
1753:
1748:
1728:
1723:
1713:
1708:
1698:
1693:
1683:
1678:
1673:
1648:
1638:
1531:
1434:
1429:
1424:
1419:
1414:
1409:
1404:
1399:
1394:
765:
704:
681:
496:
141:
1257:
61:
Common Criteria is a framework in which computer system users can
4346:
4311:
4301:
3870:
3783:
3496:
3288:
3273:
3070:
3060:
3050:
2826:
2642:
2487:
2475:
1633:
1628:
1623:
1618:
1613:
1598:
1593:
1588:
1583:
1578:
1541:
1496:
1491:
1476:
1471:
1466:
3606:
291:
and the National Bureau of Standards (the NBS eventually became
4376:
4371:
4366:
4276:
4216:
4206:
4201:
4191:
4151:
4101:
3358:
3343:
3338:
3333:
3005:
2980:
2908:
2764:
2749:
2729:
2724:
2669:
2662:
2657:
2652:
2547:
2512:
2359:
2010:
1825:
1389:
1247:
426:
Netherlands scheme for Certification in the Area of IT Security
300:
Canada, France, Germany, the Netherlands, the UK, and the U.S.
266:
583:
Industry input, including that from organizations such as the
382:
365:
OCSI (Organismo di Certificazione della Sicurezza Informatica)
364:
32:
Common Criteria for Information Technology Security Evaluation
4226:
4106:
4096:
4091:
4081:
3991:
3920:
3393:
3368:
3090:
2975:
2846:
2627:
2492:
2364:
2339:
2334:
2314:
1688:
1658:
1653:
1374:
1359:
1349:
1344:
1090:
Estonian Electronic Identity Card and its Security Challenges
865:"Indian Common Criteria Certification Scheme (IC3S) Overview"
492:
488:
403:(NVLAP) accredits Common Criteria Testing Laboratories (CCTL)
280:
272:
252:
428:(NSCIB) accredits IT Security Evaluation Facilities (ITSEF).
323:
is typically demonstrated to a National approval authority:
4251:
4166:
3763:
3040:
2903:
2896:
2562:
2507:
2107:
1718:
696:
685:
256:
160:
1093:(PhD) (in Estonian). University of Tartu. pp. 141–143
647:
have revoked the corresponding certificates. According to
435:(CSEC) licenses IT Security Evaluation Facilities (ITSEF).
392:; the UK is since 2019 only a consumer in the CC ecosystem
358:
Agence nationale de la sécurité des systèmes d'information
58:
certification. It is currently in version 3.1 revision 5.
27:
International standard for computer security certification
3945:
3527:
3217:
2269:
955:"Versions of Windows obtain Common Criteria EAL level 4+"
820:"Common Criteria - Communication Security Establishment"
587:, generally has little impact on the process as a whole.
526:
In the Microsoft case, the assumptions include A.PEER:
1042:
Beznosov, Konstantin; Kruchten, Philippe (2005-10-16).
931:"Common Criteria Management Committee Vision Statement"
1253:
Additional Common Criteria Information on Google Knol
1307:
1218:
The official website of the Common Criteria Project
1129:
Infosec Assurance and Certification Services (IACS)
717:
549:The certified Microsoft Windows versions remain at
408:
Bundesamt fĂĽr Sicherheit in der Informationstechnik
401:
National Voluntary Laboratory Accreditation Program
959:Network Information Security & Technology News
372:Ministry of Electronics and Information Technology
442:
367:accredits Common Criteria evaluation laboratories
4498:
1041:
1018:
73:requirements (SFRs and SARs, respectively) in a
985:Government Computer News, retrieved 2007-12-14
397:National Institute of Standards and Technology
3622:
1293:
1233:List of Licensed Common Criteria Laboratories
135:– the document that identifies the security
1080:
688:Assisted Products Scheme (CAPS) in the UK.
3629:
3615:
1300:
1286:
1228:List of Common Criteria evaluated products
433:Swedish Certification Body for IT Security
4486:International Electrotechnical Commission
674:
502:
1171:
1062:
303:
1086:
994:
450:Common Criteria Recognition Arrangement
383:Commercial Evaluation Facilities (CLEF)
149:Security Functional Requirements (SFRs)
14:
4499:
1223:The Common Criteria standard documents
1146:
370:In India, the STQC Directorate of the
248:CC originated out of three standards:
182:Security Assurance Requirements (SARs)
3610:
1281:
1112:"CAPS: CESG Assisted Products Scheme"
1263:Common Criteria Quick Reference Card
845:"Common Criteria Certified Products"
536:Controlled Access Protection Profile
534:This assumption is contained in the
379:United Kingdom Accreditation Service
277:United States Department of Defense
24:
1268:Common Criteria process cheatsheet
1243:Important Common Criteria Acronyms
1044:"Towards Agile Security Assurance"
25:
4528:
3636:
1211:
1021:Lecture Notes in Computer Science
3591:
3590:
1273:Common Criteria process timeline
1238:Towards Agile Security Assurance
421:operating in the Spanish Scheme.
417:(CCN) accredits Common Criteria
1184:
1172:Brickman, Joshua (2011-03-11).
1165:
1140:
1122:
1104:
1056:
1035:
1012:
988:
482:
336:Comité français d'accréditation
93:
969:
947:
923:
899:
877:
857:
837:
812:
792:
585:Common Criteria Vendor's Forum
577:source code analysis required.
443:Mutual recognition arrangement
151:– specify individual security
13:
1:
1087:Parsovs, Arnis (2021-03-03).
995:Wheeler, David (2006-12-11).
786:
593:free and open-source software
556:
1147:Salter, Chris (2011-01-10).
1063:Kallberg, Jan (2012-08-01).
1029:10.1007/978-3-540-27777-4_12
961:. 2005-12-14. Archived from
746:China Compulsory Certificate
515:Windows versions, including
279:DoD 5200.28 Std, called the
77:(ST), and may be taken from
7:
4507:Computer security standards
1248:Common Criteria Users Forum
781:Verification and validation
734:
415:National Cryptologic Center
329:Standards Council of Canada
159:a user acting a particular
10:
4533:
1134:February 20, 2008, at the
889:The Common Criteria Portal
751:Evaluation Assurance Level
243:
189:Evaluation Assurance Level
103:Target of Evaluation (TOE)
4478:
3979:
3644:
3586:
3510:
3236:
2388:
1337:
1319:
800:"Publications: CC Portal"
608:geopolitical boundaries.
564:Government Computing News
477:
424:In The Netherlands, the
381:(UKAS) used to accredit
289:National Security Agency
81:(PPs). Vendors can then
4512:Evaluation of computers
705:CESG Claims Tested Mark
668:Estonian identity cards
540:evaluated configuration
675:Alternative approaches
532:
503:Value of certification
219:IT baseline protection
44:international standard
885:"Members of the CCRA"
761:Information Assurance
528:
304:Testing organizations
419:Testing Laboratories
319:The compliance with
310:testing laboratories
741:Bell–LaPadula model
716:negative impact on
517:Windows Server 2003
79:Protection Profiles
1313:by standard number
1161:on April 17, 2012.
981:2021-04-23 at the
718:mutual recognition
713:Protection Profile
664:ROCA vulnerability
621:testing laboratory
613:ROCA vulnerability
388:2015-10-28 at the
120:digital signatures
110:Protection Profile
4494:
4493:
3604:
3603:
1327:ISO romanizations
776:Usability testing
312:must comply with
283:and parts of the
207:operating systems
175:quality assurance
56:computer security
16:(Redirected from
4524:
3631:
3624:
3617:
3608:
3607:
3594:
3593:
1314:
1302:
1295:
1288:
1279:
1278:
1206:
1205:
1203:
1202:
1196:
1188:
1182:
1181:
1176:. Archived from
1169:
1163:
1162:
1160:
1154:. Archived from
1153:
1144:
1138:
1126:
1120:
1119:
1114:. Archived from
1108:
1102:
1101:
1099:
1098:
1084:
1078:
1077:
1075:
1074:
1069:
1060:
1054:
1053:
1051:
1050:
1039:
1033:
1032:
1016:
1010:
1009:
1007:
1006:
1001:
992:
986:
973:
967:
966:
951:
945:
944:
942:
941:
935:
927:
921:
920:
918:
917:
911:
903:
897:
896:
891:. Archived from
881:
875:
874:
872:
871:
861:
855:
854:
852:
851:
841:
835:
834:
832:
831:
822:. Archived from
816:
810:
809:
807:
806:
796:
561:In August 2007,
406:In Germany, the
355:
344:
209:, smart cards).
118:used to provide
34:(referred to as
21:
4532:
4531:
4527:
4526:
4525:
4523:
4522:
4521:
4497:
4496:
4495:
4490:
4474:
3975:
3640:
3635:
3605:
3600:
3582:
3506:
3232:
2384:
1333:
1315:
1312:
1306:
1214:
1209:
1200:
1198:
1194:
1190:
1189:
1185:
1170:
1166:
1158:
1151:
1145:
1141:
1136:Wayback Machine
1127:
1123:
1110:
1109:
1105:
1096:
1094:
1085:
1081:
1072:
1070:
1067:
1061:
1057:
1048:
1046:
1040:
1036:
1017:
1013:
1004:
1002:
999:
993:
989:
983:Wayback Machine
974:
970:
953:
952:
948:
939:
937:
933:
929:
928:
924:
915:
913:
909:
905:
904:
900:
883:
882:
878:
869:
867:
863:
862:
858:
849:
847:
843:
842:
838:
829:
827:
818:
817:
813:
804:
802:
798:
797:
793:
789:
737:
677:
559:
505:
485:
480:
445:
431:In Sweden, the
395:In the US, the
390:Wayback Machine
349:
338:
334:In France, the
327:In Canada, the
306:
246:
217:and the German
131:Security Target
96:
75:Security Target
65:their security
36:Common Criteria
28:
23:
22:
15:
12:
11:
5:
4530:
4520:
4519:
4514:
4509:
4492:
4491:
4489:
4488:
4482:
4480:
4476:
4475:
4473:
4472:
4467:
4462:
4457:
4452:
4447:
4442:
4437:
4434:
4429:
4424:
4419:
4414:
4409:
4404:
4399:
4394:
4389:
4384:
4379:
4374:
4369:
4364:
4359:
4354:
4349:
4344:
4339:
4334:
4329:
4324:
4319:
4314:
4309:
4304:
4299:
4294:
4289:
4284:
4279:
4274:
4269:
4264:
4259:
4254:
4249:
4244:
4239:
4234:
4229:
4224:
4219:
4214:
4209:
4204:
4199:
4194:
4189:
4184:
4179:
4174:
4169:
4164:
4159:
4154:
4149:
4144:
4139:
4134:
4129:
4124:
4119:
4114:
4109:
4104:
4099:
4094:
4089:
4084:
4079:
4074:
4069:
4064:
4059:
4054:
4049:
4044:
4039:
4034:
4029:
4024:
4019:
4014:
4009:
4004:
3999:
3994:
3989:
3983:
3981:
3977:
3976:
3974:
3973:
3968:
3963:
3958:
3953:
3948:
3943:
3938:
3933:
3928:
3923:
3918:
3913:
3908:
3903:
3898:
3893:
3888:
3883:
3878:
3873:
3868:
3863:
3858:
3853:
3848:
3843:
3838:
3833:
3828:
3823:
3818:
3813:
3808:
3803:
3798:
3793:
3788:
3787:
3786:
3781:
3771:
3766:
3761:
3756:
3751:
3746:
3745:
3744:
3739:
3729:
3724:
3719:
3714:
3709:
3704:
3699:
3694:
3689:
3684:
3679:
3674:
3669:
3664:
3659:
3654:
3648:
3646:
3642:
3641:
3634:
3633:
3626:
3619:
3611:
3602:
3601:
3599:
3598:
3587:
3584:
3583:
3581:
3580:
3575:
3570:
3565:
3560:
3555:
3550:
3545:
3540:
3535:
3530:
3525:
3520:
3514:
3512:
3508:
3507:
3505:
3504:
3499:
3494:
3489:
3486:
3481:
3476:
3471:
3466:
3461:
3456:
3451:
3446:
3441:
3436:
3431:
3426:
3421:
3416:
3411:
3406:
3401:
3396:
3391:
3386:
3381:
3376:
3371:
3366:
3361:
3356:
3351:
3346:
3341:
3336:
3331:
3326:
3321:
3316:
3311:
3306:
3301:
3296:
3291:
3286:
3281:
3276:
3271:
3266:
3261:
3256:
3251:
3246:
3240:
3238:
3234:
3233:
3231:
3230:
3225:
3220:
3215:
3210:
3205:
3200:
3195:
3190:
3185:
3180:
3175:
3170:
3165:
3160:
3155:
3150:
3145:
3140:
3135:
3130:
3125:
3120:
3115:
3114:
3113:
3108:
3098:
3093:
3088:
3083:
3078:
3073:
3068:
3063:
3058:
3053:
3048:
3043:
3038:
3033:
3028:
3023:
3018:
3013:
3008:
3003:
2998:
2993:
2988:
2983:
2978:
2973:
2968:
2963:
2958:
2953:
2948:
2943:
2942:
2941:
2931:
2926:
2921:
2916:
2911:
2906:
2901:
2900:
2899:
2894:
2884:
2879:
2874:
2869:
2864:
2859:
2854:
2849:
2844:
2839:
2834:
2829:
2824:
2819:
2814:
2813:
2812:
2807:
2802:
2797:
2792:
2787:
2782:
2777:
2772:
2762:
2757:
2752:
2747:
2742:
2737:
2732:
2727:
2722:
2717:
2712:
2707:
2702:
2697:
2692:
2687:
2682:
2677:
2672:
2667:
2666:
2665:
2660:
2650:
2645:
2640:
2635:
2630:
2625:
2620:
2615:
2610:
2605:
2595:
2590:
2585:
2580:
2575:
2570:
2565:
2560:
2555:
2550:
2545:
2540:
2535:
2530:
2525:
2520:
2515:
2510:
2505:
2500:
2495:
2490:
2485:
2480:
2479:
2478:
2473:
2468:
2463:
2458:
2448:
2443:
2438:
2433:
2428:
2423:
2418:
2413:
2408:
2403:
2398:
2392:
2390:
2386:
2385:
2383:
2382:
2377:
2372:
2367:
2362:
2357:
2352:
2347:
2342:
2337:
2332:
2327:
2322:
2317:
2312:
2307:
2302:
2297:
2292:
2287:
2282:
2277:
2272:
2267:
2262:
2257:
2252:
2251:
2250:
2245:
2240:
2235:
2230:
2225:
2220:
2215:
2210:
2205:
2200:
2195:
2190:
2185:
2180:
2175:
2170:
2160:
2155:
2150:
2145:
2140:
2135:
2130:
2125:
2120:
2115:
2110:
2105:
2100:
2095:
2090:
2085:
2080:
2075:
2070:
2065:
2060:
2055:
2050:
2045:
2040:
2035:
2034:
2033:
2023:
2018:
2013:
2008:
2003:
1998:
1993:
1988:
1983:
1978:
1973:
1968:
1963:
1958:
1953:
1948:
1943:
1938:
1933:
1928:
1923:
1918:
1913:
1908:
1903:
1898:
1893:
1888:
1883:
1878:
1873:
1868:
1863:
1858:
1853:
1848:
1843:
1838:
1833:
1828:
1823:
1818:
1813:
1812:
1811:
1806:
1801:
1791:
1786:
1781:
1776:
1771:
1766:
1761:
1756:
1751:
1746:
1741:
1736:
1731:
1726:
1721:
1716:
1711:
1706:
1701:
1696:
1691:
1686:
1681:
1676:
1671:
1666:
1661:
1656:
1651:
1646:
1641:
1636:
1631:
1626:
1621:
1616:
1611:
1606:
1601:
1596:
1591:
1586:
1581:
1576:
1571:
1570:
1569:
1564:
1559:
1554:
1549:
1539:
1534:
1529:
1524:
1519:
1514:
1509:
1504:
1499:
1494:
1489:
1484:
1479:
1474:
1469:
1464:
1459:
1458:
1457:
1452:
1447:
1442:
1437:
1432:
1427:
1422:
1417:
1412:
1407:
1402:
1397:
1387:
1382:
1377:
1372:
1367:
1362:
1357:
1352:
1347:
1341:
1339:
1335:
1334:
1320:
1317:
1316:
1305:
1304:
1297:
1290:
1282:
1276:
1275:
1270:
1265:
1260:
1255:
1250:
1245:
1240:
1235:
1230:
1225:
1220:
1213:
1212:External links
1210:
1208:
1207:
1183:
1180:on 2012-05-29.
1164:
1139:
1121:
1118:on 2008-08-01.
1103:
1079:
1055:
1034:
1011:
987:
968:
965:on 2006-10-14.
946:
922:
898:
895:on 2008-08-22.
876:
856:
836:
811:
790:
788:
785:
784:
783:
778:
773:
768:
763:
758:
753:
748:
743:
736:
733:
732:
731:
728:
709:
708:
701:
676:
673:
672:
671:
656:
652:
637:
589:
588:
581:
578:
574:
558:
555:
504:
501:
484:
481:
479:
476:
475:
474:
471:
468:
444:
441:
437:
436:
429:
422:
413:In Spain, the
411:
404:
393:
377:In the UK the
375:
368:
363:In Italy, the
361:
332:
305:
302:
297:
296:
285:Rainbow Series
270:
264:
245:
242:
203:
202:
185:
171:
170:
169:
168:
146:
127:
95:
92:
26:
9:
6:
4:
3:
2:
4529:
4518:
4517:ISO standards
4515:
4513:
4510:
4508:
4505:
4504:
4502:
4487:
4484:
4483:
4481:
4477:
4471:
4468:
4466:
4463:
4461:
4458:
4456:
4453:
4451:
4448:
4446:
4443:
4441:
4438:
4435:
4433:
4430:
4428:
4425:
4423:
4420:
4418:
4415:
4413:
4410:
4408:
4405:
4403:
4400:
4398:
4395:
4393:
4390:
4388:
4385:
4383:
4380:
4378:
4375:
4373:
4370:
4368:
4365:
4363:
4360:
4358:
4355:
4353:
4350:
4348:
4345:
4343:
4340:
4338:
4335:
4333:
4330:
4328:
4325:
4323:
4320:
4318:
4315:
4313:
4310:
4308:
4305:
4303:
4300:
4298:
4295:
4293:
4290:
4288:
4285:
4283:
4280:
4278:
4275:
4273:
4270:
4268:
4265:
4263:
4260:
4258:
4255:
4253:
4250:
4248:
4245:
4243:
4240:
4238:
4235:
4233:
4230:
4228:
4225:
4223:
4220:
4218:
4215:
4213:
4210:
4208:
4205:
4203:
4200:
4198:
4195:
4193:
4190:
4188:
4185:
4183:
4180:
4178:
4175:
4173:
4170:
4168:
4165:
4163:
4160:
4158:
4155:
4153:
4150:
4148:
4145:
4143:
4140:
4138:
4135:
4133:
4130:
4128:
4125:
4123:
4120:
4118:
4115:
4113:
4110:
4108:
4105:
4103:
4100:
4098:
4095:
4093:
4090:
4088:
4085:
4083:
4080:
4078:
4075:
4073:
4070:
4068:
4065:
4063:
4060:
4058:
4055:
4053:
4050:
4048:
4045:
4043:
4040:
4038:
4035:
4033:
4030:
4028:
4025:
4023:
4020:
4018:
4015:
4013:
4010:
4008:
4005:
4003:
4000:
3998:
3995:
3993:
3990:
3988:
3985:
3984:
3982:
3978:
3972:
3969:
3967:
3964:
3962:
3959:
3957:
3954:
3952:
3949:
3947:
3944:
3942:
3939:
3937:
3934:
3932:
3929:
3927:
3924:
3922:
3919:
3917:
3914:
3912:
3909:
3907:
3904:
3902:
3899:
3897:
3894:
3892:
3889:
3887:
3884:
3882:
3879:
3877:
3874:
3872:
3869:
3867:
3864:
3862:
3859:
3857:
3854:
3852:
3849:
3847:
3844:
3842:
3839:
3837:
3834:
3832:
3829:
3827:
3824:
3822:
3819:
3817:
3814:
3812:
3809:
3807:
3804:
3802:
3799:
3797:
3794:
3792:
3789:
3785:
3782:
3780:
3777:
3776:
3775:
3772:
3770:
3767:
3765:
3762:
3760:
3757:
3755:
3752:
3750:
3747:
3743:
3740:
3738:
3735:
3734:
3733:
3730:
3728:
3725:
3723:
3720:
3718:
3715:
3713:
3710:
3708:
3705:
3703:
3700:
3698:
3695:
3693:
3690:
3688:
3685:
3683:
3680:
3678:
3675:
3673:
3670:
3668:
3665:
3663:
3660:
3658:
3655:
3653:
3650:
3649:
3647:
3643:
3639:
3638:IEC standards
3632:
3627:
3625:
3620:
3618:
3613:
3612:
3609:
3597:
3589:
3588:
3585:
3579:
3576:
3574:
3571:
3569:
3566:
3564:
3561:
3559:
3556:
3554:
3551:
3549:
3546:
3544:
3541:
3539:
3536:
3534:
3531:
3529:
3526:
3524:
3521:
3519:
3516:
3515:
3513:
3509:
3503:
3500:
3498:
3495:
3493:
3490:
3487:
3485:
3482:
3480:
3477:
3475:
3472:
3470:
3467:
3465:
3462:
3460:
3457:
3455:
3452:
3450:
3447:
3445:
3442:
3440:
3437:
3435:
3432:
3430:
3427:
3425:
3422:
3420:
3417:
3415:
3412:
3410:
3407:
3405:
3402:
3400:
3397:
3395:
3392:
3390:
3387:
3385:
3382:
3380:
3377:
3375:
3372:
3370:
3367:
3365:
3362:
3360:
3357:
3355:
3352:
3350:
3347:
3345:
3342:
3340:
3337:
3335:
3332:
3330:
3327:
3325:
3322:
3320:
3317:
3315:
3312:
3310:
3307:
3305:
3302:
3300:
3297:
3295:
3292:
3290:
3287:
3285:
3282:
3280:
3277:
3275:
3272:
3270:
3267:
3265:
3262:
3260:
3257:
3255:
3252:
3250:
3247:
3245:
3242:
3241:
3239:
3235:
3229:
3226:
3224:
3221:
3219:
3216:
3214:
3211:
3209:
3206:
3204:
3201:
3199:
3196:
3194:
3191:
3189:
3186:
3184:
3181:
3179:
3176:
3174:
3171:
3169:
3166:
3164:
3161:
3159:
3156:
3154:
3151:
3149:
3146:
3144:
3141:
3139:
3136:
3134:
3131:
3129:
3126:
3124:
3121:
3119:
3116:
3112:
3109:
3107:
3104:
3103:
3102:
3099:
3097:
3094:
3092:
3089:
3087:
3084:
3082:
3079:
3077:
3074:
3072:
3069:
3067:
3064:
3062:
3059:
3057:
3054:
3052:
3049:
3047:
3044:
3042:
3039:
3037:
3034:
3032:
3029:
3027:
3024:
3022:
3019:
3017:
3014:
3012:
3009:
3007:
3004:
3002:
2999:
2997:
2994:
2992:
2989:
2987:
2984:
2982:
2979:
2977:
2974:
2972:
2969:
2967:
2964:
2962:
2959:
2957:
2954:
2952:
2949:
2947:
2944:
2940:
2937:
2936:
2935:
2932:
2930:
2927:
2925:
2922:
2920:
2917:
2915:
2912:
2910:
2907:
2905:
2902:
2898:
2895:
2893:
2890:
2889:
2888:
2885:
2883:
2880:
2878:
2875:
2873:
2870:
2868:
2865:
2863:
2860:
2858:
2855:
2853:
2850:
2848:
2845:
2843:
2840:
2838:
2835:
2833:
2830:
2828:
2825:
2823:
2820:
2818:
2815:
2811:
2808:
2806:
2803:
2801:
2798:
2796:
2793:
2791:
2788:
2786:
2783:
2781:
2778:
2776:
2773:
2771:
2768:
2767:
2766:
2763:
2761:
2758:
2756:
2753:
2751:
2748:
2746:
2743:
2741:
2738:
2736:
2733:
2731:
2728:
2726:
2723:
2721:
2718:
2716:
2713:
2711:
2708:
2706:
2703:
2701:
2698:
2696:
2693:
2691:
2688:
2686:
2683:
2681:
2678:
2676:
2673:
2671:
2668:
2664:
2661:
2659:
2656:
2655:
2654:
2651:
2649:
2646:
2644:
2641:
2639:
2636:
2634:
2631:
2629:
2626:
2624:
2621:
2619:
2616:
2614:
2611:
2609:
2606:
2603:
2599:
2596:
2594:
2591:
2589:
2586:
2584:
2581:
2579:
2576:
2574:
2571:
2569:
2566:
2564:
2561:
2559:
2556:
2554:
2551:
2549:
2546:
2544:
2541:
2539:
2536:
2534:
2531:
2529:
2526:
2524:
2521:
2519:
2516:
2514:
2511:
2509:
2506:
2504:
2501:
2499:
2496:
2494:
2491:
2489:
2486:
2484:
2481:
2477:
2474:
2472:
2469:
2467:
2464:
2462:
2459:
2457:
2454:
2453:
2452:
2449:
2447:
2444:
2442:
2439:
2437:
2434:
2432:
2429:
2427:
2424:
2422:
2419:
2417:
2414:
2412:
2409:
2407:
2404:
2402:
2399:
2397:
2394:
2393:
2391:
2387:
2381:
2378:
2376:
2373:
2371:
2368:
2366:
2363:
2361:
2358:
2356:
2353:
2351:
2348:
2346:
2343:
2341:
2338:
2336:
2333:
2331:
2328:
2326:
2323:
2321:
2318:
2316:
2313:
2311:
2308:
2306:
2303:
2301:
2298:
2296:
2293:
2291:
2288:
2286:
2283:
2281:
2278:
2276:
2273:
2271:
2268:
2266:
2263:
2261:
2258:
2256:
2253:
2249:
2246:
2244:
2241:
2239:
2236:
2234:
2231:
2229:
2226:
2224:
2221:
2219:
2216:
2214:
2211:
2209:
2206:
2204:
2201:
2199:
2196:
2194:
2191:
2189:
2186:
2184:
2181:
2179:
2176:
2174:
2171:
2169:
2166:
2165:
2164:
2161:
2159:
2156:
2154:
2151:
2149:
2146:
2144:
2141:
2139:
2136:
2134:
2131:
2129:
2126:
2124:
2121:
2119:
2116:
2114:
2111:
2109:
2106:
2104:
2101:
2099:
2096:
2094:
2091:
2089:
2086:
2084:
2081:
2079:
2076:
2074:
2071:
2069:
2066:
2064:
2061:
2059:
2056:
2054:
2051:
2049:
2046:
2044:
2041:
2039:
2036:
2032:
2029:
2028:
2027:
2024:
2022:
2019:
2017:
2014:
2012:
2009:
2007:
2004:
2002:
1999:
1997:
1994:
1992:
1989:
1987:
1984:
1982:
1979:
1977:
1974:
1972:
1969:
1967:
1964:
1962:
1959:
1957:
1954:
1952:
1949:
1947:
1944:
1942:
1939:
1937:
1934:
1932:
1929:
1927:
1924:
1922:
1919:
1917:
1914:
1912:
1909:
1907:
1904:
1902:
1899:
1897:
1894:
1892:
1889:
1887:
1884:
1882:
1879:
1877:
1874:
1872:
1869:
1867:
1864:
1862:
1859:
1857:
1854:
1852:
1849:
1847:
1844:
1842:
1839:
1837:
1834:
1832:
1829:
1827:
1824:
1822:
1819:
1817:
1814:
1810:
1807:
1805:
1802:
1800:
1797:
1796:
1795:
1792:
1790:
1787:
1785:
1782:
1780:
1777:
1775:
1772:
1770:
1767:
1765:
1762:
1760:
1757:
1755:
1752:
1750:
1747:
1745:
1742:
1740:
1737:
1735:
1732:
1730:
1727:
1725:
1722:
1720:
1717:
1715:
1712:
1710:
1707:
1705:
1702:
1700:
1697:
1695:
1692:
1690:
1687:
1685:
1682:
1680:
1677:
1675:
1672:
1670:
1667:
1665:
1662:
1660:
1657:
1655:
1652:
1650:
1647:
1645:
1642:
1640:
1637:
1635:
1632:
1630:
1627:
1625:
1622:
1620:
1617:
1615:
1612:
1610:
1607:
1605:
1602:
1600:
1597:
1595:
1592:
1590:
1587:
1585:
1582:
1580:
1577:
1575:
1572:
1568:
1565:
1563:
1560:
1558:
1555:
1553:
1550:
1548:
1545:
1544:
1543:
1540:
1538:
1535:
1533:
1530:
1528:
1525:
1523:
1520:
1518:
1515:
1513:
1510:
1508:
1505:
1503:
1500:
1498:
1495:
1493:
1490:
1488:
1485:
1483:
1480:
1478:
1475:
1473:
1470:
1468:
1465:
1463:
1460:
1456:
1453:
1451:
1448:
1446:
1443:
1441:
1438:
1436:
1433:
1431:
1428:
1426:
1423:
1421:
1418:
1416:
1413:
1411:
1408:
1406:
1403:
1401:
1398:
1396:
1393:
1392:
1391:
1388:
1386:
1383:
1381:
1378:
1376:
1373:
1371:
1368:
1366:
1363:
1361:
1358:
1356:
1353:
1351:
1348:
1346:
1343:
1342:
1340:
1336:
1332:
1331:IEC standards
1328:
1324:
1323:ISO standards
1318:
1310:
1303:
1298:
1296:
1291:
1289:
1284:
1283:
1280:
1274:
1271:
1269:
1266:
1264:
1261:
1259:
1256:
1254:
1251:
1249:
1246:
1244:
1241:
1239:
1236:
1234:
1231:
1229:
1226:
1224:
1221:
1219:
1216:
1215:
1193:
1187:
1179:
1175:
1168:
1157:
1150:
1143:
1137:
1133:
1130:
1125:
1117:
1113:
1107:
1092:
1091:
1083:
1066:
1059:
1045:
1038:
1030:
1026:
1022:
1015:
998:
991:
984:
980:
977:
972:
964:
960:
956:
950:
932:
926:
908:
902:
894:
890:
886:
880:
866:
860:
846:
840:
826:on 2021-02-01
825:
821:
815:
801:
795:
791:
782:
779:
777:
774:
772:
771:ISO/IEC 27001
769:
767:
764:
762:
759:
757:
754:
752:
749:
747:
744:
742:
739:
738:
729:
726:
725:
724:
721:
719:
714:
706:
702:
698:
694:
693:
692:
689:
687:
683:
669:
665:
661:
657:
653:
650:
646:
642:
638:
635:
631:
626:
622:
618:
617:
616:
614:
611:In 2017, the
609:
606:
602:
598:
594:
586:
582:
579:
575:
572:
571:
570:
567:
565:
554:
552:
547:
543:
541:
537:
531:
527:
524:
522:
518:
514:
509:
500:
498:
494:
490:
472:
469:
466:
465:
464:
461:
457:
455:
451:
440:
434:
430:
427:
423:
420:
416:
412:
409:
405:
402:
398:
394:
391:
387:
384:
380:
376:
373:
369:
366:
362:
359:
353:
348:
342:
337:
333:
330:
326:
325:
324:
322:
321:ISO/IEC 17025
317:
315:
314:ISO/IEC 17025
311:
301:
294:
290:
286:
282:
278:
274:
271:
268:
265:
262:
258:
254:
251:
250:
249:
241:
237:
233:
231:
227:
226:cryptographic
222:
220:
216:
215:ISO/IEC 27002
210:
208:
200:
196:
192:
190:
186:
183:
180:
179:
178:
176:
166:
165:authenticated
162:
158:
154:
150:
147:
143:
138:
134:
132:
128:
125:
122:, or network
121:
117:
113:
111:
107:
106:
104:
101:
100:
99:
91:
88:
84:
80:
76:
72:
68:
64:
59:
57:
53:
49:
45:
41:
37:
33:
19:
18:ISO/IEC 15408
4422:27000-series
4241:
3449:27000 series
2881:
1199:. Retrieved
1197:. 2012-09-18
1186:
1178:the original
1167:
1156:the original
1142:
1124:
1116:the original
1106:
1095:. Retrieved
1089:
1082:
1071:. Retrieved
1058:
1047:. Retrieved
1037:
1020:
1014:
1003:. Retrieved
990:
971:
963:the original
958:
949:
938:. Retrieved
936:. 2012-09-01
925:
914:. Retrieved
912:. 2014-07-02
901:
893:the original
888:
879:
868:. Retrieved
859:
848:. Retrieved
839:
828:. Retrieved
824:the original
814:
803:. Retrieved
794:
722:
710:
690:
678:
610:
605:Jan Kallberg
590:
563:
560:
548:
544:
539:
533:
529:
525:
510:
506:
486:
483:Requirements
462:
458:
453:
449:
446:
438:
318:
307:
298:
247:
238:
234:
223:
211:
204:
194:
187:
181:
172:
156:
152:
148:
136:
129:
108:
102:
97:
94:Key concepts
86:
82:
70:
66:
62:
60:
39:
35:
31:
29:
3237:20000–29999
2389:10000–19999
350: [
339: [
281:Orange Book
224:Details of
177:processes:
145:evaluation.
116:smart cards
54:15408) for
4501:Categories
3016:16949 (TS)
2613:11941 (TR)
1311:standards
1201:2023-12-30
1097:2023-12-30
1073:2023-12-30
1049:2023-12-30
1005:2023-12-30
940:2023-12-30
916:2023-12-30
870:2023-12-30
850:2023-12-30
830:2015-03-02
805:2024-01-06
787:References
756:FIPS 140-2
684:, and the
658:According
557:Criticisms
521:Windows XP
230:FIPS 140-2
137:properties
67:functional
2971:15926 WIP
2335:9592/9593
2260:9000/9001
2148:8805/8806
597:waterfall
513:Microsoft
163:might be
153:functions
124:firewalls
83:implement
71:assurance
3596:Category
1321:List of
1132:Archived
979:Archived
766:ISO 9241
735:See also
682:FIPS-140
511:Various
497:FIPS 140
386:Archived
360:(ANSSI).
199:verified
142:database
87:evaluate
42:) is an
4479:Related
4192:13522-5
3980:ISO/IEC
3871:62014-4
3784:61131-9
3779:61131-3
3749:60906-1
3742:60870-6
3737:60870-5
3497:29199-2
3369:23094-2
3364:23094-1
3354:23090-3
3223:19794-5
3218:19775-1
3006:16612-2
2996:16355-1
2685:13406-2
2643:12234-2
2411:10118-3
399:(NIST)
244:History
63:specify
3511:30000+
2350:9797-1
2158:8820-5
2103:8501-1
1659:1073-2
1654:1073-1
1338:1–9999
1195:(DOCX)
478:Issues
275:– The
267:CTCPEC
195:do not
4470:81346
4465:80000
4460:42010
4455:39075
4450:38500
4445:33001
4440:29119
4436:29110
4432:27040
4427:27002
4417:27000
4412:26300
4407:24752
4402:24744
4397:24727
4392:24707
4387:23360
4382:23270
4377:23008
4372:23003
4367:23000
4362:22537
4357:22275
4352:21827
4347:21000
4342:20802
4337:20000
4332:19788
4327:19770
4322:19757
4317:19752
4312:18181
4307:18014
4302:18004
4297:17025
4292:17024
4287:16485
4282:16262
4277:15938
4272:15897
4267:15693
4262:15511
4257:15504
4252:15445
4247:15444
4242:15408
4237:15291
4232:15288
4227:14882
4222:14651
4217:14496
4212:14443
4207:13818
4202:13816
4197:13568
4187:13346
4182:13250
4177:12207
4172:11801
4167:11544
4162:11404
4157:11179
4152:11172
4147:10967
4142:10646
4137:10279
4132:10179
4127:10165
4122:10116
4117:10021
3971:63382
3966:63119
3961:63110
3956:62700
3951:62682
3946:62680
3941:62455
3936:62386
3931:62379
3926:62366
3921:62365
3916:62351
3911:62325
3906:62304
3901:62264
3896:62262
3891:62196
3886:62061
3881:62056
3876:62026
3866:61970
3861:61968
3856:61960
3851:61883
3846:61851
3841:61850
3836:61784
3831:61511
3826:61508
3821:61499
3816:61400
3811:61360
3806:61355
3801:61334
3796:61162
3791:61158
3774:61131
3769:61030
3764:60958
3759:60929
3754:60908
3732:60870
3727:60601
3722:60559
3717:60446
3712:60364
3707:60320
3702:60309
3697:60297
3692:60269
3687:60228
3682:60112
3677:60068
3672:60063
3667:60062
3662:60038
3657:60034
3652:60027
3578:80000
3573:56000
3568:55000
3563:50001
3558:45001
3553:42010
3548:40500
3543:39075
3538:38500
3533:37001
3528:32000
3523:31000
3518:30170
3502:29500
3492:29148
3488:29110
3484:28000
3479:27729
3474:27006
3469:27005
3464:27002
3459:27001
3454:27000
3444:26324
3439:26300
3434:26262
3429:26000
3424:25964
3419:25178
3414:24728
3409:24707
3404:24617
3399:24613
3394:24517
3389:23941
3384:23360
3379:23271
3374:23270
3359:23092
3349:23009
3344:23008
3339:23003
3334:23000
3329:22537
3324:22395
3319:22301
3314:22300
3309:22275
3304:22000
3299:21827
3294:21500
3289:21122
3284:21047
3279:21001
3274:21000
3269:20830
3264:20802
3259:20400
3254:20121
3249:20022
3244:20000
3228:19831
3213:19770
3208:19757
3203:19752
3198:19600
3193:19510
3188:19509
3183:19508
3178:19507
3173:19506
3168:19505
3163:19503
3158:19502
3153:19501
3148:19500
3143:19439
3138:19407
3133:19136
3128:19125
3123:19115
3118:19114
3101:19092
3096:19011
3091:19005
3086:18916
3081:18629
3076:18245
3071:18181
3066:18014
3061:18004
3056:17799
3051:17506
3046:17442
3041:17369
3036:17203
3031:17100
3026:17025
3021:17024
3011:16750
3001:16485
2991:16262
2986:16023
2981:15938
2976:15930
2966:15926
2961:15924
2956:15919
2951:15897
2946:15707
2934:15706
2929:15693
2924:15686
2919:15511
2914:15504
2909:15438
2904:15445
2887:15444
2882:15408
2877:15398
2872:15291
2867:15288
2862:15189
2857:15022
2852:14971
2847:14882
2842:14764
2837:14698
2832:14651
2827:14649
2822:14644
2817:14617
2765:14496
2760:14443
2755:14396
2750:14289
2745:14224
2740:14031
2735:14000
2730:13818
2725:13816
2720:13616
2715:13584
2710:13568
2705:13567
2700:13490
2695:13485
2690:13450
2680:13399
2675:13250
2670:13216
2653:13211
2648:12620
2638:12207
2633:12182
2628:12052
2623:12006
2618:11992
2608:11941
2598:11940
2593:11898
2588:11889
2583:11801
2578:11785
2573:11784
2568:11783
2563:11544
2558:11404
2553:11179
2548:11172
2543:11170
2538:11073
2533:10967
2528:10962
2523:10957
2518:10861
2513:10746
2508:10664
2503:10646
2498:10628
2493:10589
2488:10585
2483:10383
2451:10303
2446:10279
2441:10218
2436:10206
2431:10179
2426:10165
2421:10161
2416:10160
2406:10116
2401:10007
2396:10006
1159:(PDF)
1152:(PDF)
1068:(PDF)
1000:(PDF)
934:(PDF)
910:(PDF)
641:ANSSI
601:agile
566:(GCN)
551:EAL4+
493:TCSEC
489:ITSEC
410:(BSI)
354:]
343:]
273:TCSEC
253:ITSEC
191:(EAL)
4112:9995
4107:9945
4102:9899
4097:9593
4092:9592
4087:9529
4082:9496
4077:9293
4072:9126
4067:8859
4062:8652
4057:8632
4052:8613
4047:7942
4042:7816
4037:7813
4032:7812
4027:7811
4022:7810
4017:6523
4012:6429
4007:5218
4002:4909
3997:2022
3992:1989
2476:-238
2380:9995
2375:9985
2370:9984
2365:9945
2360:9899
2355:9897
2345:9660
2340:9594
2330:9564
2325:9529
2320:9506
2315:9496
2310:9407
2305:9362
2300:9314
2295:9293
2290:9241
2285:9227
2280:9141
2275:9126
2270:9075
2265:9036
2255:8879
2208:-8-I
2163:8859
2153:8807
2143:8691
2138:8652
2133:8651
2128:8632
2123:8613
2118:8601
2113:8583
2108:8571
2098:8373
2093:8217
2088:8178
2083:8093
2078:8000
2073:7942
2068:7816
2063:7813
2058:7812
2053:7811
2048:7810
2043:7736
2038:7637
2026:7498
2021:7200
2016:7185
2011:7098
2006:7064
2001:7027
1996:7010
1991:7002
1986:7001
1981:6943
1976:6709
1971:6523
1966:6438
1961:6429
1956:6425
1951:6385
1946:6373
1941:6346
1936:6344
1931:6166
1926:5964
1921:5807
1916:5800
1911:5776
1906:5775
1901:5725
1896:5428
1891:5427
1886:5426
1881:5218
1876:4909
1871:4217
1866:4165
1861:4157
1856:4031
1851:3977
1846:3950
1841:3901
1836:3864
1831:3602
1826:3601
1821:3307
1816:3297
1794:3166
1789:3103
1784:3029
1779:2921
1774:2852
1769:2848
1764:2788
1759:2720
1754:2711
1749:2709
1744:2533
1739:2281
1734:2240
1729:2146
1724:2145
1719:2108
1714:2047
1709:2033
1704:2022
1699:2015
1694:2014
1689:1989
1684:1745
1679:1629
1674:1538
1669:1413
1664:1155
1649:1007
1644:1004
1639:1000
1462:68-1
703:The
697:CESG
695:The
686:CESG
643:nor
519:and
499:-2.
495:and
454:CCRA
308:All
293:NIST
257:CESG
161:role
133:(ST)
112:(PP)
69:and
30:The
3987:646
3645:IEC
2810:-20
2805:-17
2800:-14
2795:-12
2790:-11
2785:-10
2471:-28
2466:-22
2461:-21
2456:-11
2248:-16
2243:-15
2238:-14
2233:-13
2228:-12
2223:-11
2218:-10
1634:999
1629:965
1624:898
1619:860
1614:843
1609:838
1604:764
1599:732
1594:704
1589:690
1584:668
1579:657
1574:646
1542:639
1537:519
1532:518
1527:500
1522:361
1517:306
1512:302
1507:262
1502:261
1497:259
1492:233
1487:228
1482:226
1477:217
1472:216
1467:128
1455:-13
1450:-12
1445:-11
1440:-10
1309:ISO
1025:doi
660:BSI
649:BSI
645:BSI
634:BSI
630:BSI
625:BSI
261:DTI
157:how
52:IEC
48:ISO
38:or
4503::
3111:-2
3106:-1
2939:-2
2897:-9
2892:-3
2780:-6
2775:-3
2770:-2
2663:-2
2658:-1
2602:-2
2213:-9
2203:-8
2198:-7
2193:-6
2188:-5
2183:-4
2178:-3
2173:-2
2168:-1
2031:-1
1809:-3
1804:-2
1799:-1
1567:-6
1562:-5
1557:-3
1552:-2
1547:-1
1435:-9
1430:-8
1425:-7
1420:-6
1415:-5
1410:-4
1405:-3
1400:-1
1395:-0
1390:31
1385:17
1380:16
1329:–
1325:–
1023:.
957:.
887:.
720:.
542:.
352:fr
341:fr
221:.
40:CC
3630:e
3623:t
3616:v
2604:)
2600:(
1375:9
1370:7
1365:6
1360:4
1355:3
1350:2
1345:1
1301:e
1294:t
1287:v
1204:.
1100:.
1076:.
1052:.
1031:.
1027::
1008:.
943:.
919:.
873:.
853:.
833:.
808:.
670:.
452:(
201:.
50:/
46:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.