Standards we work with

2018-09-21T02:15:25+00:00

The standards containing the evaluation criteria and methodology supported by TrustCB are as follows:

The Common Criteria (CC), aligned with ISO/IEC 15408, which consists of three parts.

Part 1: Introduction and general model. Presents an introduction to CC, establishing the general concepts and principles of IT security evaluation. It specifies the general model of evaluation given by the three parts of the CC, which can be used as the basis for evaluation of security properties of IT products.
Part 2: Security functional components. A catalogue of security functional requirements that can be used to specify IT security requirements for a product in a Protection Profile or a Security Target, which can be assessed in a security evaluation using the CC model.
Part 3: Security assurance components. A catalogue of assurance components that can be used to express the requirements for evaluating Protection Profiles, Security Targets and IT products. It includes the definition of Evaluation Assurance Levels (EALs), which are pre-defined groups of assurance requirements that define a scale (EAL1 to EAL7, inclusive) for measuring assurance.

The Common Evaluation Methodology (CEM), aligned with ISO/IEC 18045, is a companion to the Common Criteria. It describes the minimal actions to be performed by an evaluator when analysing a product and its associated evidence in accordance with functional security requirements and assurance requirements taken from the Common Criteria and stated in a Security Target for the given product.

The most recent version of the CC and CEM is: Version 3.1 (Revision 5), which is provided in the following files (available at https://www.commoncriteriaportal.org/cc):

  • CC v3.1 Part 1 in file “CC PART 1 v3_1 r5.pdf”
  • CC v3.1 Part 2 in file “CC PART 2 v3_1 r5.pdf”
  • CC v3.1 Part 3 in file “CC PART 3 v3_1 r5.pdf”
  • CEM v3.1 in file “CEM v3_1 r5.pdf”