Common Criteria and Protection Profiles: How to Evaluate Information

by Kathryn Wallace
Sept. 1, 2017 0 comments SANS Institute standards

The purpose of this paper is to discuss the standards of Common Criteria and the security framework provided by the Common Criteria. In addition, this paper will review the background and applicability of Common Criteria Protection Profiles established to evaluate specific Information Technology (IT) functional and assurance security requirements. The Common Criteria (CC) security framework establishes a methodology to apply security standards to an IT system or product and establishes the understanding of how specific Protection Profiles (PP) fit into the overall CC process.