Standards

The official version of the 'Common Criteria' is version 3.1.

The Common Criteria (CC) consists of three parts:
Part 1: Introduction and general model presents an introduction to CC. This is where the concept and the principles of IT security evaluation are defined, as well as a model for how evaluation is carried out.

Part 2: Security functional requirements is a catalogue of the functional components which in a standardised manner can be used to specify IT security requirements for a product in a Protection Profile or a Security Target.

Part 3: Security assurance requirements is a catalogue of so-called assurance components which can be used to express the requirements for evaluating an IT product in a Protection Profile or a Security Target. Part 3 also defines the requirements for evaluating Protection Profiles and Security Targets, as well as defining the so-called Evaluation Assurance Levels, EALs. The EALs are pre-determined groups of assurance components that, according to a scale defined in the CC (EAL 1 to EAL 7, inclusive), establish greater confidence in the product through an increasing scope of quality evaluation.

The Common Evaluation Methodology (CEM)
The CEM is a supplement to CC parts 1, 2 and 3, and describes the minimal measures an evaluator must take when a product is examined with regard to the functional security requirements and assurance requirements stated in the Security Target for the given product.

Version 3.1 (Revision 5)
CC v3.1 Part 1 [CC PART 1 v3_1 r5.pdf]
CC v3.1 Part 2 [CC PART 2 v3_1 r5.pdf]
CC v3.1 Part 3 [CC PART 3 v3_1 r5.pdf]
CEM v3.1 [CEM v3_1 r5.pdf]

All documents can be found at www.commoncriteriaportal.org/cc