History
The Common Criteria history
The Common Criteria for Information Technology Security Evaluation (aka. Common Criteria) was developed by the governments of Canada, France, Germany, Netherlands, UK, and U.S. in the mid-90’s.
Common Criteria was produced by the willing to unify the security evaluation standards existing at this time: the European ITSEC standard, developed by France, Germany, the Netherlands and the UK; the U.S. TCSEC standard (aka. Orange Book) developed by the United States Department of Defense and the Canadian CTCPEC derived from the TCSEC standard.
By unifying security evaluation criteria, the objective was to avoid reevaluation of products addressing international markets.
Common Criteria version 1.0 was issued in 1994.
In order to enlarge the community of contributors and to target an international endorsement of the criteria, Common Criteria became the ISO/IEC 15408 standard in 1999. The ISO version corresponds to the version 2.1 of the Common Criteria document edited by the Common Criteria Management Board.
Continuing the willing to reduce the need for reevaluations, an arrangement allowing the mutual recognition of Common Criteria certificates has been signed in May 2000 (http://www.commoncriteriaportal.org/ccra/).
The Participants in this Arrangement share the following objectives:
- to ensure that evaluations of Information Technology (IT) products and protection profiles are performed to high and consistent standards and are seen to contribute significantly to confidence in the security of those products and profiles;
- to improve the availability of evaluated, security-enhanced IT products and protection profiles;
- to eliminate the burden of duplicating evaluations of IT products and protection profiles;
- to continuously improve the efficiency and cost-effectiveness of the evaluation and certification/validation process for IT products and protection profiles.
Today 26 nations are participants of the Arrangement.
In order to take into account the evolution of the technology and the progress in security evaluation techniques, Common Criteria continuously evolves. The current applicable versions of the Common Criteria are the CC version 3.1 revision 3 and the ISO/IEC 15408:2009 standard.
ICCC history
In order to support the CC Recognition Arrangement, the CC Management Committee decided to organize an annual International Common Criteria Conference (ICCC) offering certification/validation schemes, evaluation laboratories, product developers but also system integrators and products users to exchange experience on the application of the Common Criteria.
The previous ICCC conferences have been organized in the following locations:
|
Date |
Venue |
|
May 23-25, 2000 |
Baltimore, Maryland, United States of America |
|
July 18-19, 2001 |
Brighton, United Kingdom |
|
13-14 May, 2002 |
Ottawa, Canada |
|
7-9 September, 2003 |
Stockholm, Sweden |
|
28-30 September, 2004 |
Berlin, Germany |
|
28-29 September, 2005 |
Tokyo, Japan |
|
19-21 September, 2006 |
Lanzarote, Spain |
|
25-27 September, 2007 |
Rome, Italy |
|
23-25 September, 2008 |
Jeju, South Korea |
|
22-24 September, 2009 |
Tromsø, Norway |
|
21-23 September 2010 |
Atalya, Turkey |
|
27-29 September 2011 |
Kuala Lumpur, Malaysia |
The ICCC 2012 will occur in Paris on 18-20 September 2012.
Please find more informations in the newsletter of July.