ABSTRACT
Delineating the purpose and intended use of the CC and, conversely, situations not covered by the CC
Explaining the major concepts and components of the CC methodology and how they work
Illustrating how the CC relate to other well-known national and international standards
Discussing the CC user community and stakeholders
Looking at the future of the CC
The Common Criteria, referred to as “the standard for information security,”
represent the culmination of a 30-year saga involving multiple organizations from around the world. The major events are discussed below and summarized in Exhibit 1. A common misperception is that computer and network security began with the Internet. In fact, the need for and interest in computer security (or COMPUSEC) has been around as long as computers have. Primarily defense and intelligence systems employed COMPUSEC in the past. The intent was to prevent deliberate or inadvertent access to classified information by unauthorized personnel or the unauthorized manipulation of the computer and its associated peripheral devices that could lead to the compromise of classified information.