Common Criteria (CC) is a set of standards designed to establish an effective way of determining the level of security of a Target of Evaluation (TOE). These standards were established by a multi-national board of IT security groups. The CC took form in coalition with many groups that are responsible for national standards. Some of these groups' criteria include:

Trusted Computer System Evaluation Criteria (TCSEC) - These standards represent the criteria needed and trusted by United States companies and businesses to ensure the security of a TOE. The approach in these criteria is based on a security level classification.

Information Technology Security Evaluation Criteria (ITSEC) - Like its North American counterpart, this set of standards was designed for classifying the security levels of a TOE, limited to European countries. Unlike TCSEC, the ITSEC set of standards makes use of a hierarchical system for determining security levels.

Based on the similarities and differences of TCSEC and ITSEC and the global need for IT security, it was necessary to agree upon a standardized multi-national class set to ensure assurance and compatibility across many nations, thus inspiring the design and implementation of the Common Criteria.

The purpose of the Common Criteria is to establish a single set of IT security criteria for global use. The purpose was also to resolve the conceptual and technical differences found in the different criteria and deliver the results to ISO as a proposed standard. Common Criteria was the product of multinational cooperation. The globalization of this standard saves time and money because it eliminates the need for multiple evaluations when doing international business. Common Criteria focuses on security objectives and the related threats.