Definition: Common Criteria

The Common Criteria for Information Technology Security Evaluation (CC) is part of an international agreement for defining security objectives using agreed-upon terminology, for evaluating compliance with those objectives and for certifying products. The Common Criteria (CC) includes the Common Methodology for Information Technology Security Evaluation (CEM), which defines the minimum actions to conduct a CC evaluation. The Common Criteria Recognition Arrangement (CCRA) is an agreement whereby nations agree to accept the results of each other's security testing and evaluations.

The U.S. signatories, NSA and NIST, working jointly for the National Information Assurance Partnership (NIAP), have developed the Common Criteria Evaluation and Validation Scheme (CCEVS), which summarizes all the standards used by the U.S. that conform to the Common Criteria.

The Common Criteria have largely replaced the Trusted Computer Security Evaluation Criteria (TCSEC), the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) and the European Information Technology Security Evaluation Criteria (ITSEC).