7 Interesting Facts About Common Criteria
Home Business Magazine Online
Common Criteria for Information Technology Security Evaluation (CC) is an internationally accepted and scalable set of cybersecurity certification requirements (ISO 15408). Common Criteria certification ensures that the assessments of the relevant IT product have been completed to consistently high standards, in a rigorous, standardized, and repeatable manner. This article provides insight into this topic and presents 7 interesting facts about Common Criteria.
1. Internationally recognized IT security certification
Initially, Common Criteria was developed in collaboration with six nations: Germany, France, the UK, the Netherlands, Canada, and the USA. Today, Common Criteria is the driving force behind the broadest mutual acceptance of secure IT products available. It is recognized by the 31 CCRA member nations and valued by their federal and government entities.
2. The CC evaluation process can improve the assessed IT product
The Common Criteria evaluation process improves an IT product or system by exposing vulnerabilities that may be fixed before it is introduced to the market. This also helps to avoid costly post-release updates. Furthermore, Common Criteria certification is an effective tool for staying competitive in the business environment. To compete with other well-established cybersecurity solutions that have previously been assessed, CC evaluation and certification are essential for the given IT product.
3. Three main parties are involved in a Common Criteria certification process
There are three main parties involved in the Common Criteria evaluation process:
- The Certification Body, which is responsible for issuing Common Criteria certifications.
- Sponsors and developers that submit their system or IT product for evaluation. In the case of large companies, this role is often the same.
- The independent and authorized laboratory that carries out the evaluation.
4. A total of seven Evaluation Assurance Levels are defined in the Common Criteria
Before starting the evaluation procedure, the Sponsor or Developer has to select the Evaluation Assurance Level (EAL) against which the Common Criteria evaluation will be carried out.
There are 7 EAL levels defined in the Common Criteria:
- EAL1: Functionally Tested
- EAL2: Structurally Tested
- EAL3: Methodically Tested and Checked
- EAL4: Methodically Designed, Tested, and Reviewed
- EAL5: Semi-Formally Designed and Tested
- EAL6: Semi-Formally Verified Design and Tested
- EAL7: Formally Verified Design and Tested
5. There is a slow but steady growth in the number of Common Criteria certifications worldwide
Since 2010, a total of 1645 IT products have been certified, with 589 of them being ICs, smart cards, and smart card-related devices and systems. Other popular product categories include Network and Network-Related Devices (237 Common Criteria certifications) and Multi-Function Devices (233 CC certifications). Apart from these, several Operating Systems, Databases, Access Control Devices, and Boundary Protection Devices and Systems have passed the Common Criteria evaluation process successfully.
Recently, the number of issued certifications has increased by an average of 10%.
6. New Zealand became a certificate-consuming nation
After many years of close alliance between Australia and New Zealand in managing the Australasian Certification Authority, New Zealand has opted to give up its authorizing position and remain a certificate-consuming nation in the CCRA. This is to more accurately represent New Zealand’s contribution to the Australasian Information Security Evaluation Program (AISEP) and the CCRA. The AISEP program name has been changed from ‘Australasian’ to ‘Australian’ to better represent the program’s status as a certificate-authorizing nation of the CCRA. These changes took effect in October 2021.
7. EUCC is replacing the European SOGIS mutual recognition agreement
The EUCC cybersecurity scheme developed by ENISA (the European Union Agency for Cybersecurity) will take the place of the current European SOGIS (Senior Officials Group for Information Systems) mutual recognition agreement. EUCC is a Common Criteria-based certification scheme that combines the globally recognized, proven methodologies of Common Criteria with new concepts, such as patch management for certified systems and products, to give stakeholders a fresh and flexible solution.