The IT Law Wiki

Common Criteria for Information Technology Security

Definition

The Common Criteria for Information Technology Security (CCITS) is

[a] standard for evaluating information technology (IT) products and systems. It states requirements for security functions and for assurance measures.[1]

Overview

The standard addresses data confidentiality, data integrity, and availability and may apply to other aspects of security. It focuses on threats to information arising from human activities, malicious or otherwise, but may apply to non-human threats. It applies to security measures implemented in hardware, firmware, or software.

It does not apply to (a) administrative security not related directly to technical security, (b) technical physical aspects of security such as electromagnetic emanation control, (c) evaluation methodology or administrative and legal framework under which the criteria may be applied, (d) procedures for use of evaluation results, or (e) assessment of inherent qualities of cryptographic algorithms.[2]

References

  1. RFC 4949, at 69.
  2. Id.
