Confidently erase data in active environments and from used IT assets.
Boost services throughout the device lifecycle—from first sale to end-of-life.
Expedite processes, recover more marketable product, and increase services.
Home » Resources » What is Common Criteria Certification, and Why Is It Important?
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard for computer security certification. It is presently in version 3.1 revision 5. What is Common Criteria Certification? Common Criteria is a framework in which computer system users can specify their security functional requirements (SFRs) and security functional assurance requirements (SARs) using Protection Profiles (PPs). Technology vendors can then implement and/or make claims […]
Katie Moss Jefcoat
Katie has launched and supported marketing campaigns for B2B technology companies since 2011. From 2016 to 2021, Katie served Blancco in the roles of content manager and senior product marketing manager, communicating the features and benefits of Blancco products, evaluating market and competitive trends, supporting sales enablement, and representing the voice of the customer.
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard for computer security certification. It is presently in version 3.1 revision 5.
Common Criteria is a framework in which computer system users can specify their security functional requirements (SFRs) and security functional assurance requirements (SARs) using Protection Profiles (PPs). Technology vendors can then implement and/or make claims about the security attributes of their products, and hire testing laboratories to evaluate their products to determine if they meet these claims. In short, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that corresponds with its target use environment. Once this process is completed successfully, a vendor achieves Common Criteria certification.
Common Criteria is used as the basis for a government-driven certification scheme. Evaluations are typically completed for the use of Federal Government agencies and critical infrastructure. Additionally, many enterprise organizations use Common Criteria as a requisite for procuring new software solutions based on the quality guarantee these certified products deliver.
The Common Criteria for Information Technology Security Evaluation and its companion, Common Methodology for Information Technology Security Evaluation (CEM), make up the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products across the globe. And though each country has its own certification process, the Common Criteria Recognition Arrangement (CCRA) recognizes evaluations against a collaborative Protection Profile (cPP)—meaning all member countries will acknowledge these certifications.
There are several purposes as to why the Common Criteria certification exists. Some of these include:
Here are some key terms and concepts to know when trying to understand the Common Criteria certification.
The Common Criteria as we know it comes out of a wide range of existing standards and regulations. Here are a few that directly influenced the structure of the CC.
The Common Criteria was developed by unifying these existing standards so that businesses selling computer products for the government industry (predominately for defense or intelligence use) would only need to evaluate them against one set of standards. The CC was created by the governments of France, Canada, the U.S., Germany, the United Kingdom and the Netherlands.
There are several steps a company must take to become Common Criteria certified.
Blancco’s File Eraser solution (version 8.2) recently achieved Common Criteria certification, at the request of several customers from different regions around the world, both enterprise and government.
To achieve the Common Criteria certification, we submitted evaluation reports of our products, which were investigated and then accepted by the CSEC (the certification body in Sweden that issues the Common Criteria certificate in that country). You can find the certificate online, here.
Visit our certifications page to learn how Blancco meets compliance with standards, regulations and certifications across the globe.