Common Criteria

The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC for short; in German roughly "general criteria for evaluating the security of information technology") are an international standard for the evaluation and certification of the security of computer systems with respect to data security (protection against unauthorized manipulation of data). Data protection in the sense of privacy law is a separate matter and is not addressed by the CC.


History

In June 1993, the Common Criteria Editorial Board (CCEB), with members from Canada, France, Germany, Great Britain and the United States, began drafting the Common Criteria. To do so, the CCEB aligned the earlier standards CTCPEC (Canadian), ITSEC (European) and TCSEC (American) with one another. This created a commonly accepted basis for evaluating data security, intended to prevent components or systems from having to be evaluated and certified several times in different countries. The first version (1.0) was published in January 1996. After a long revision phase, version 2.0 followed in May 1998, produced by the newly formed CC Implementation Board (CCIB). From this version onward, the Netherlands joined the countries named above as a so-called project sponsor.

ISO/IEC standard

Since 1994, the International Organization for Standardization (ISO) had been working with the CCEB and its successor, the CCIB, to develop an international standard. With the adoption of ISO/IEC 15408 on 1 December 1999, in several documents, the Common Criteria became a general and globally recognized standard. The standard is subject to the usual ISO amendment procedure. Version 2.3 followed in 2005, and in September 2006 the version number jumped to 3.1. Australia, New Zealand, Japan and Spain have since joined as project sponsors. In September 2012, the fourth revision of Common Criteria 3.1 was released.

Process model

As in ITSEC and the older BSI standard ITS, the evaluation is divided into the evaluation of the functionality of the system under consideration and the evaluation of its trustworthiness (assurance, i.e. quality). The latter is judged by the effectiveness of the methods used and the correctness of the implementation. The procedure can be understood as a waterfall model with feedback.

Ideally, an independent security assessment of finished products is performed first, which results in a general protection profile. From this security catalogue, specific security targets can then be derived, against which the evaluation according to CC is conducted for particular products. The required assurance, i.e. the depth of testing, is generally specified as an EAL (Evaluation Assurance Level, see below). Stating a depth of testing without the underlying functional security requirements is meaningless. Nevertheless, citing the EAL level alone, without further information, has become common practice, which in many cases leads to confusion and heated debates.

In December 1999, the Common Criteria were declared the international standard ISO/IEC 15408. The German share of the work is supervised by, among others, DIN NIA 01-27 "IT security procedures".

The CC comprises three parts:

  • Part 1: Introduction and General Model
  • Part 2: Security Functional Requirements
  • Part 3: Security Assurance Requirements

In Germany, the parts of the standard are published as DIN standards DIN ISO/IEC 15408-1 to -3.

Certification

The product must first be evaluated by an accredited testing laboratory and then certified by the Federal Office for Information Security (BSI) or by the partner organizations in other countries.

International Recognition

Certification according to the Common Criteria is mutually recognized internationally (see below) up to EAL4. Higher EALs need not be recognized internationally, but in any case have little practical significance in the private sector because of their enormous complexity. Within Europe, certifications up to EAL7 are accepted under certain circumstances and within certain technical areas under the so-called SOGIS agreement.

Paradigm of criteria

The fundamental paradigm of the Common Criteria is to separate the consideration of functionality from the consideration of assurance. The criteria themselves do not require that any particular functionality be implemented, or that it be checked to any particular level of assurance. Both aspects are defined by the manufacturer of the product at the beginning of the evaluation in a document called the security target.

Functionality classes

In contrast to previous standards, the functionality classes are not structured hierarchically. Instead, each class describes a specific basic function of the security architecture that must be evaluated separately. Important functionality classes are:

  • FAU (security audit)
  • FCO (communication)
  • FCS (cryptographic support)
  • FDP (user data protection)
  • FIA (identification and authentication)
  • FMT (security management)
  • FPR (privacy)
  • FPT (protection of the security functions)
  • FRU (resource utilisation)
  • FTA (TOE access)
  • FTP (trusted path/channel)

Functionality classes are combined into protection profiles that describe the typical functions of certain kinds of product (e.g. firewalls or smart cards).

Trustworthiness

The Common Criteria define seven levels of trustworthiness (Evaluation Assurance Levels, EAL1 to EAL7), which describe the correctness of the implementation of the system under consideration and the depth of testing. With increasing assurance level, the demands grow on the depth with which the manufacturer must describe the product and with which the product is tested. The following table gives an overview of the evaluation assurance levels and compares them with the corresponding depths in other criteria.
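To make the paradigm concrete (functional classes grouped into a protection profile, a security target claiming SFRs plus an EAL, and conformance checked against both), here is an added Python example; it is not part of the article or of the CC documents, and the firewall protection profile and the component identifiers such as FAU_GEN.1 are constructed sample values used only to show the CLASS_FAMILY.NUMBER naming scheme.

```python
import re
from dataclasses import dataclass
# Functional classes named on this page (CC Part 2), used to validate SFR identifiers.
FUNCTIONAL_CLASSES = {"FAU": "security audit", "FCO": "communication",
                      "FCS": "cryptographic support", "FDP": "user data protection",
                      "FIA": "identification and authentication", "FMT": "security management",
                      "FPR": "privacy", "FPT": "protection of the security functions",
                      "FRU": "resource utilisation", "FTA": "TOE access", "FTP": "trusted path/channel"}
# Component identifiers have the form CLASS_FAMILY.NUMBER, e.g. FAU_GEN.1.
_COMPONENT = re.compile(r"^(F[A-Z]{2})_([A-Z]{3})\.(\d+)$")

def parse_component(ident: str) -> tuple[str, str, int]:
    """Split an SFR identifier into (class, family, number); reject malformed/unknown ones."""
    m = _COMPONENT.match(ident)
    if not m or m.group(1) not in FUNCTIONAL_CLASSES:
        raise ValueError(f"not a valid functional component: {ident!r}")
    return m.group(1), m.group(2), int(m.group(3))

@dataclass(frozen=True)
class ProtectionProfile:        # functionality plus minimum assurance for a product type
    name: str
    sfrs: frozenset
    min_eal: int

@dataclass(frozen=True)
class SecurityTarget:           # one vendor's claim: SFRs plus the EAL it is evaluated at
    product: str
    sfrs: frozenset
    eal: int

def classes_covered(sfrs) -> dict[str, list[str]]:
    """Group SFRs by functional class, e.g. {'FAU': ['FAU_GEN.1'], 'FIA': ['FIA_UAU.2']}."""
    grouped: dict[str, list[str]] = {}
    for s in sorted(sfrs):
        grouped.setdefault(parse_component(s)[0], []).append(s)
    return grouped

def check_conformance(st: SecurityTarget, pp: ProtectionProfile) -> list[str]:
    """Return the gaps between an ST and a PP; an empty list means the ST conforms."""
    if not 1 <= st.eal <= 7:
        raise ValueError(f"EAL{st.eal} is outside the defined range EAL1-EAL7")
    gaps = [f"missing {s}" for s in sorted(pp.sfrs - st.sfrs)]
    if st.eal < pp.min_eal:
        gaps.append(f"EAL{st.eal} is below the required EAL{pp.min_eal}")
    return gaps

# Constructed sample: a hypothetical firewall PP and two candidate security targets.
FIREWALL_PP = ProtectionProfile("hypothetical firewall PP",
                                frozenset({"FAU_GEN.1", "FDP_IFC.1", "FIA_UAU.2", "FMT_SMR.1"}), 4)
ST_OK = SecurityTarget("fw-A", FIREWALL_PP.sfrs | {"FPT_STM.1"}, 4)
ST_GAPS = SecurityTarget("fw-B", frozenset({"FAU_GEN.1", "FIA_UAU.2"}), 2)
```

A security target that adds SFRs beyond the profile still conforms; one that omits a required component or claims a lower EAL is reported with each gap listed separately.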

Methodology of evaluation for certification

In addition to the Common Criteria, the participating agencies and institutions developed an evaluation methodology for certification, which is intended to make the results of certifications comprehensible and comparable. It currently exists for Parts 1 and 2 and is structured analogously to EAL1 to EAL4.

Criticism

The Common Criteria are a very formal approach, which is necessary as the basis for the international recognition of certificates. This leads to the frequent criticism that evaluations according to the Common Criteria examine too much paper and too little product.

Evaluation according to CC is generally quite complex and takes a long time to complete. This, too, often leads to criticism of the application of these criteria.
