ABSTRACT
This chapter begins with the historical evaluation criteria, such as the Trusted Computer System Evaluation Criteria. It provides a quick introduction to the National Information Assurance Partnership (NIAP) and explains the role it plays in Common Criteria Evaluation. NIAP is a US Government (USG) initiative designed to meet the security testing, evaluation, and assessment needs of both Information Technology (IT) producers and consumers. The security requirements reflect two items: a fine-tuning of the security objectives into a set of security requirements for the Target of Evaluation (TOE); and a set of security requirements for the environment that, if met, will ensure that the TOE can meet its security objectives. The Common Criteria (CC) philosophy is to provide assurance based upon an evaluation of the IT product or system that is to be trusted. The CC contains a set of predefined evaluation assurance levels constructed using components from the assurance families.
