COMMON CRITERIA
VERSION 2.1 / ISO IS
15408
(last updated: 19 September 2000)
The Common Criteria for Information Technology
Security Evaluation (CC) version 2.1:
The Common
Criteria Implementation Board (CCIB), working in cooperation with the
International Organization for Standardization (ISO), has completed all
technical development of the CC based on trial-use and public review. The
CC version
2.1 and its ISO clone, International Standard
(IS) 15408 are both available for full
use.
- ISO approved and published the CC text as the new
International Standard (IS)
15408 on 1 December 1999. ISO has since made the
electronic text of IS 15408 freely downloadable - check
the ISO/ITTF website under the "Publicly Available
ISO/IEC Standards" heading. For your convenience, IS 15408 is also posted here in *much* smaller zipped files.
- The CC Project has made some minor modifications to
the earlier CC version 2.0, in order to incorporate those final editorial
changes made by ISO. The revised CC version 2.1 (posted below) and IS 15408 are now fully aligned and are equivalent. The
Foreword to CC version 2.1 states:
"This version of the Common Criteria
for Information Technology Security Evaluation (CC 2.1) is a revision that
aligns it with International Standard ISO/IEC 15408:1999. In addition, the
document has been formatted to facilitate its use. Security specifications
written using this document, and IT products/systems shown to be compliant
with such specifications, are considered to be ISO/IEC 15408:1999
compliant."
- Version 2.1 of the CC and its ISO identical
twin, IS 15408, supersede version
2.0 and will be used henceforth, both
within the CC community and ISO. Note that they also supersede the older trial-use version
1.0.
TO VIEW OR DOWNLOAD
COMMON CRITERIA
FILES
- NOTICE of Free Downloading and Unrestricted
Use:
The public is free to download the CC
files posted here and locally print and distribute them as desired for
personal and organizational use.
Specifically, the CC may be reproduced and used,
without alteration, addition, or deletion, for any nonpecuniary or
nonpublishing purpose without permission. The CC Project Sponsoring
Organizations have no intent to restrict you from doing that, rather
they encourage it. The purpose of making the CC freely available to you is for you
to be able to use it! The sole purpose of the copyright announcement in the foreword
of the CC is to make sure that nobody else copyrights or modifies the material without the Sponsoring
Organizations' permission, which might thereby restrict their and the public's
full and free use of it. However, there is no intent to restrict the public
in any way from freely distributing and using the CC material as-is. Note
that ISO has been expressly permitted to use the CC material for development
of the International Standard 15408, which it has been doing since
1994.
COMMON CRITERIA VERSION
2.1(aligned with IS 15408):
- CC version 2.1 in Adobe Acrobat PDF
Format:
((For info on downloading the
latest Acrobat Reader free from Adobe, click here.)
- CC version 2.1 in FrameMaker5
Format:
(For info on downloading the latest
FrameMaker Reader free from Adobe, click here.)
ISO/IEC International Standard
(IS) 15408, Parts 1 thru 3
(aligned with CC version 2.1):
Note: IS 15408 is officially posted on the ISO/IEC's
website. It is posted here in zipped form for your
downloading convenience. FYI, the relative differences in file sizes between IS
15408 and CCv2.1 is caused by different ISO and CC Project document formatting
conventions, not content.
- IS 15408 in zipped Adobe Acrobat PDF
Format:
((For info on downloading the
latest Acrobat Reader free from Adobe, click here.)
NOTE: The older versions 1.0 and 2.0 (still posted here) may also continue to
have limited applicability for those Protection Profiles, Security Targets, and
Targets of Evaluation (products) that were developed against them. However, it
is strongly advised that version 1.0 and 2.0 NOT be used for any new work, and
that all such older work be revised to conform to the new version 2.1 as time
permits.
Return to CC PROJECT
HOMEPAGE
FURTHER INFORMATION:
For further information from NIST
about the CC Project, please contact: criteria@nist.gov, phone: +1.301.975.3361,
fax: +1.301.948.0279.