CCUF - Common Criteria
Transcript of CCUF - Common Criteria
Pre-canned set of assurance requirements.
Set of functional AND assurance requirements.
The Common Criteria User Forum mission is to provide a voice and communications channel amongst the CC community including the vendors, consultants, testing laboratories, Common Criteria organizational committees, national schemes, policy makers, and other interested parties.
FIA_UAU.2.1 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.
ATE_FUN.2.2D The developer shall provide test documentation.
ATE_FUN.2.1C The test documentation shall consist of test plans, expected test results and actual test results.
ATE_FUN.2.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
Capstone document that drives evaluation.
ADV_FSP.1 Basic functional specification
AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
ALC_CMC.1 Labelling of the TOE
ALC_CMS.1 TOE CM coverage
ATE_IND.1 Independent testing - conformance
AVA_VAN.1 Vulnerability survey
BIOS for PC
Protection Profile Examples:
Requirements incorporated into Security Target
Actions to be performed by the developer and evaluator to generate assurance.
Security functionality that the product must provide.
Optionally referenced by PPs and STs
1 - 7
International recognition only to EAL4
Is there a Protection Profile for my product?
Precludes evaluation in some schemes
Acceptance criteria apply
You determine scope / functions
No US PCL listing
Development may be needed to meet PP requirements
Entropy requirements tricky
US PCL Listing for NIAP PPs
Eligibility (if EAL)
Entropy Description (USA)
Results in 'in-evaluation' listing
Testing documents (EAL)
Product generally shipped to lab
What is the Common Criteria?
The Common Criteria (CC) is an international standard for evaluating the security properties of IT products. It defines a framework for the oversight of evaluations, a syntax for specifying the security requirements to be met, and a methodology for evaluating those requirements. The CC is used by governments and other organizations around the world to assess the security of information technology products and is often specified as a prerequisite to procurement.
For more information or to obtain the standard: