Overview

Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.
Common Criteria is a framework in which computer system users can specify their Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) through the use of Protection Profiles (PPs) within a Security Target (ST). Vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine whether they actually meet those claims.
In other words, Common Criteria provides assurance that the process of specifying, implementing and evaluating a computer security product has been conducted in a rigorous, standardized and repeatable manner, at a level commensurate with the product's intended environment of use.
Common Criteria specifies an Evaluation Assurance Level (EAL) that indicates how thoroughly the product's security was reviewed and tested. Levels range from EAL1 (functionally tested) to EAL7 (formally verified design and tested). Common Criteria evaluation allows customers in any of the approving countries to purchase products with confidence in their security to the assigned level.