0 ... 3 4 5 7 8 9 ... 20
f) evaluation authorities responsible for the management and oversight of IT security evaluation programmes.
3.3 Evaluation context
In order to achieve greater comparability between evaluation results, evaluations should be performed within the framework of an authoritative evaluation scheme that sets the standards, monitors the quality of the evaluations and administers the regulations to which the evaluation facilities and evaluators must conform.
The CC does not state requirements for the regulatory framework. However, consistency between the regulatory frameworks of different evaluation authorities will be necessary to achieve the goal of mutual recognition of the results of such evaluations. Figure 3.1 depicts the major elements that form the context for evaluations.
Use of a common evaluation methodology contributes to the repeatability and objectivity of the results but is not by itself sufficient. Many of the evaluation criteria require the application of expert judgement and background knowledge for which consistency is more difficult to achieve. In order to enhance the consistency of the evaluation findings, the final evaluation results could be submitted to a certification process. The certification process is the independent inspection of the results of the evaluation leading to the production of the final certificate or approval. The certificate is normally publicly available. It is noted that the certification process is a means of gaining greater consistency in the application of IT security criteria.
The evaluation scheme, methodology, and certification processes are the responsibility of the evaluation authorities that run evaluation schemes and are outside the scope of the CC.
Final Evaluation Results
I Approve/ \ Certify Г
List of Certificates/ Register
Figure 3.1 - Evaluation context
3.4 Organisation of Common Criteria
The CC is presented as a set of distinct but related parts as identified below. Terms used in the description of the parts are explained in clause 4.
a)Part 1, Introduction and general model, is the introduction to the CC. It defines general concepts and principles of IT security evaluation and presents a general model of evaluation. Part 1 also presents constructs for expressing IT security objectives, for selecting and defining IT security requirements, and for writing high-level specifications for products and systems. In addition, the usefulness of each part of the CC is described in terms of each of the target audiences.
b)Part 2, Security functional requirements, establishes a set of functional components as a standard way of expressing the functional requirements for TOEs. Part 2 catalogues the set of functional components, families, and classes.
c)Part 3, Security assurance requirements, establishes a set of assurance components as a standard way of expressing the assurance requirements for TOEs. Part 3 catalogues the set of assurance components, families and classes. Part 3 also defines evaluation criteria for PPs and STs and presents evaluation assurance levels that define the predefined CC scale for rating assurance for TOEs, which is called the Evaluation Assurance Levels (EALs).
In support of the three parts of the CC listed above, it is anticipated that other types of documents will be published, including technical rationale material and guidance documents.
The following table presents, for the three key target audience groupings, how the parts of the CC will be of interest.
Table 3.1 - Roadmap to the Common Criteria
4 General model
This clause presents the general concepts used throughout the CC, including the context in which the concepts are to be used and the CC approach for applying the concepts. Part 2 and Part 3 expand on the use of these concepts and assume that the approach described is used. This clause assumes some knowledge of IT security and does not propose to act as a tutorial in this area.
The CC discusses security using a set of security concepts and terminology. An understanding of these concepts and the terminology is a prerequisite to the effective use of the CC. However, the concepts themselves are quite general and are not intended to restrict the class of IT security problems to which the CC is applicable.
4.1 Security context 4.1.1 general security context
Security is concerned with the protection of assets from threats, where threats are categorised as the potential for abuse of protected assets. All categories of threats should be considered; but in the domain of security greater attention is given to those threats that are related to malicious or other human activities. Figure 4.1 illustrates high level concepts and relationships.
wish to minimise
that may be
that may possess
may be aware of
give rise to
wish to abuse and/or may damage
Figure 4.1 - Security concepts and relationships
0 ... 3 4 5 7 8 9 ... 20