Version 1.2 of ITSEC was issued for experimental use in the EU. At the same time, the draft of Common Criteria (CC) was developed with the support of the EU, US and Canadian governments, with the aim of harmonizing the contents of the former recommendations and reconciling their technical differences.
Version 2.0 of Common Criteria was published in 1998. The CC 2.0 document was also published, with the same contents, by ISO/IEC with the number 15408, entitled “Common Criteria for Information Technology Security Evaluation, version 2.0”.
Work on processing CC and adopting it nationally in Hungary started in 1997; in 1998 the Inter-ministerial Committee for Information Technology (ITB) issued its recommendation No. 16. The national adoption of the latest version (2.1) is currently underway.
The main characteristics of Common Criteria are as follows:
- It determines uniform requirements that are independent of the mode of implementation.
- It provides a uniform method for evaluating and certifying IT systems and products in respect of IT security.
- It defines a catalog of security requirements for IT systems, organized into categories at several levels.
- It can be applied equally to the examination of software and hardware.
- The products can be selected in a flexible way, as the requirements are not specific to hardware or software.
- Security functionality can be defined (in CC terms, as Protection Profiles) and independently classified into one of the seven Evaluation Assurance Levels (EALs) defined in CC.