{"id":505,"date":"2012-02-06T17:16:34","date_gmt":"2012-02-06T15:16:34","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=505"},"modified":"2012-03-01T13:27:01","modified_gmt":"2012-03-01T11:27:01","slug":"common-criteria-main-links","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=505","title":{"rendered":"Common Criteria, main links"},"content":{"rendered":"<p>Wikipedia: <a href=\"http:\/\/en.wikipedia.org\/wiki\/Common_Criteria\">Common Criteria<\/a> is a framework in which<\/p>\n<ul>\n<li>computer <strong>system users can specify<\/strong> their security functional and assurance requirements,<\/li>\n<li><strong>vendors can then implement<\/strong> and\/or make claims about the security attributes of their products, and<\/li>\n<li>testing <strong>laboratories can evaluate<\/strong> the products to determine if they actually meet the claims.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" height=\"505\" alt=\"CommonCriteria\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/commoncriteria.png\" width=\"545\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Links<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/www.commoncriteriaportal.org\/cc\/\">Documents<\/a> are available from the main site.<\/li>\n<li>To search for certified products, one can start <a href=\"http:\/\/www.commoncriteriaportal.org\/products\/\">here<\/a>.<\/li>\n<li>List of laboratories is <a href=\"http:\/\/www.commoncriteriaportal.org\/labs\/\">here<\/a>.<\/li>\n<li><a href=\"http:\/\/www.11iccc.org.tr\/2%20-%20ID%2086%20Quang%20Trinh%20-%20Security%20Tools%20for%20CC%20Testing.pdf\">Tools<\/a> used for testing.<\/li>\n<li>ISO Standards<\/li>\n<li>ISO\/IEC <a href=\"http:\/\/www.iso.org\/iso\/iso_catalogue\/catalogue_tc\/catalogue_detail.htm?csnumber=50341\">15408-1:2009<\/a> Evaluation criteria for IT security &#8212; Part 1: Introduction and general model<\/li>\n<li>ISO\/IEC <a href=\"http:\/\/www.iso.org\/iso\/iso_catalogue\/catalogue_tc\/catalogue_detail.htm?csnumber=46414\">15408-2:2008<\/a> Evaluation criteria for IT security &#8212; Part 2: Security functional components<\/li>\n<li><a href=\"http:\/\/www.iso.org\/iso\/iso_catalogue\/catalogue_tc\/catalogue_detail.htm?csnumber=46413\">ISO\/IEC 15408-3:2008<\/a> Evaluation criteria for IT security &#8212; Part 3: Security assurance components<\/li>\n<\/ul>\n<p><strong>EAL<\/strong><\/p>\n<p>Important concept is <a href=\"http:\/\/en.wikipedia.org\/wiki\/Evaluation_Assurance_Level\">Evaluation Assurance Level<\/a> (EAL):<\/p>\n<ul>\n<li>EAL1: Functionally Tested<\/li>\n<li>EAL2: Structurally Tested<\/li>\n<li>EAL3: Methodically Tested and Checked<\/li>\n<li>EAL4: Methodically Designed, Tested, and Reviewed<\/li>\n<li>EAL5: Semiformally Designed and Tested<\/li>\n<li>EAL6: Semiformally Verified Design and Tested<\/li>\n<li>EAL7: Formally Verified Design and Tested<\/li>\n<\/ul>\n<p><strong>Implementation Cost and effort<\/strong><\/p>\n<p>The following figure related to costs is taken from <a href=\"http:\/\/en.wikipedia.org\/wiki\/Evaluation_Assurance_Level\">wikipedia<\/a><\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/common_criteria_evaluation_costs.gif\"><img loading=\"lazy\" height=\"341\" alt=\"Common Criteria evaluation costs\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/common_criteria_evaluation_costs-small.gif\" width=\"640\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wikipedia: Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements, vendors can then implement and\/or make claims about the security attributes of their products, and testing laboratories can evaluate the products &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=505\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[58,43,26,44],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/505"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=505"}],"version-history":[{"count":1,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/505\/revisions"}],"predecessor-version":[{"id":560,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/505\/revisions\/560"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}