Q:What is the Common Criteria (CC)?

The Common Criteria for Information Technology Security Evaluation is referred to as the CC. It is a standard for evaluating ICT security products against two types of requirements:

  security functional requirements

  security assurance requirements.

A CC-evaluated ICT security product is certified to meet a list of vendor- claimed security functions and satisfies a level of assurance. The CC also has an International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) equivalent standard of ISO/IEC 15408.