Not long ago, IdeaHub passed Common Criteria (CC) EAL3+ certification and received a CC EAL3+ certificate. So, what is CC? Let me walk you through it.
Information security problems are becoming more and more serious, and security incidents occur frequently. Information security has become an important issue for national politics, the economy, society, and national defense. For consumers, it matters a great deal whether a software product's design is comprehensive, whether it provides sufficient confidentiality measures, and whether its documentation is complete. CC certification lets consumers use products with greater peace of mind.
What is CC
CC is short for Common Criteria. It is used to comprehensively evaluate the security functions and security assurance capabilities of IT products against a common standard for information technology security evaluation, covering product design, development, and security functions. Currently, 31 countries have signed the Common Criteria Recognition Arrangement (CCRA), a mutual recognition agreement, and 17 of them can issue certificates. Because it is adopted and recognized by 31 countries, CC is an authoritative security certification that is widely recognized worldwide.
Historical evolution of CC

CC Level
The CC divides the evaluation process into two parts: function and assurance. The evaluation levels are EAL1, EAL2, EAL3, EAL4, EAL5, EAL6, and EAL7. The higher the level, the more security assurance requirements must be met through certification, the more reliable the security features of the system, and the more at ease consumers can be. EAL does not measure the security of the system itself, only the rigor of the testing. To achieve a specific EAL level, the product or system must meet specific security assurance requirements. Each level of CC evaluates seven functional categories: configuration management, distribution and operations, development process, guidance literature, life-cycle technical support, testing, and vulnerability assessment.
CC Applicability
CC applies to all IT products, whether hardware or software; all of them can be evaluated under the same framework.
The CC uses a certification + testing model. The participating parties are mainly certification organizations, enterprises submitting products for inspection, and testing organizations. The enterprise submits the product data, and the testing organization carries out the testing. The certification organization supervises and manages the testing activities of the testing organization, examines and approves the reports it issues, and, upon approval, issues certificates to the enterprises that submitted products for inspection.
I hope this helps you learn about CC.

