The IT Law Wiki

Common Criteria for Information Technology Security

Definition

The Common Criteria for Information Technology Security (CCITS) is

[a] standard for evaluating information technology (IT) products and systems. It states requirements for security functions and for assurance measures.[1]

Overview

The standard addresses data confidentiality, data integrity, and availability and may apply to other aspects of security. It focuses on threats to information arising from human activities, malicious or otherwise, but may apply to non-human threats. It applies to security measures implemented in hardware, firmware, or software.

It does not apply to (a) administrative security not related directly to technical security, (b) technical physical aspects of security such as electromagnetic emanation control, (c) evaluation methodology or administrative and legal framework under which the criteria may be applied, (d) procedures for use of evaluation results, or (e) assessment of inherent qualities of cryptographic algorithms.[2]

References

  1. RFC 4949, at 69.
  2. Id.
