Read the book The Official (ISC)2 CCSP CBK Reference - Leslie Fife, Aaron Kraus - Page 102

Common Criteria

Common Criteria (CC) is an international set of guidelines and specifications to evaluate information security products. There are two parts to CC:

 Protection profile: Defines a standard set of security requirements for a specific product type, such as a network firewall. This creates a consistent set of standards for comparing like products.

 Evaluation assurance level: Scored from level 1 to 7, with 7 being the highest. This measures the amount of testing conducted on a product. Note that a level 7 product is not automatically more secure than a level 5 product; it has simply undergone more testing. The customer must still decide what level of testing is sufficient. One reason not to subject every product to level 7 is the cost involved.

The testing is performed by an independent lab from an approved list. Successful completion of this certification allows sale of the product to government agencies and may improve competitiveness outside the government market as CC becomes better known. The goal is for products to improve through testing. It also allows a customer to consider two versions of a security product.
