Common Criteria-Information Technology Security Evaluation
Common Criteria (CC) is a set of standards designed to establish an effective way of determining the level of security of a Target of Evaluation (TOE). These standards were established by a multi-national board of IT security groups. In coalition with many groups that are responsible for national standards, the CC was able to take form, some of these groups criterion include:
Trusted Computer System Evaluation Criteria (TCSEC)- These standards represent the criteria needed, and trusted by the United States companies and businesses to ensure security of a TOE. The approach in these criteria is based on a security level classification.
Information Technology Security Evaluation Criteria (TCSEC)- Like its North American Counterpart, these sets of standards were designed for classifying the security levels of a TOE, limited to European countries. Unlike TCSEC, ITSEC set of standards makes use of a hierarchical system for determining security levels.
Based on the similarities and differences of TCSEC and ITSEC and the global need for IT security, it was necessary to agree upon a standardized multi-national class set to ensure assurance and compatibility across many nations, thus inspiring the design and implementation of the Common Criteria.
