Navigation and service

BSI - Federal Office for Information Security (Link to homepage)

Common Criteria for Information Technology Security Evaluations

Logo Common Criteria

The following versions of the Common Criteria (CC) apply:

CC Version 3.1

The CC version 3.1 was adopted by the international community in September 2006 in the international Common Criteria Recognition Agreement and officially announced in the Federal Gazette of 23/02/2007 in accordance with the BSI Certification Ordinance. This version of the CC is also available as international standard ISO/IEC 15408.

The Common Methodology for Information Security Evaluation (CEM) Version 3.1 was also adopted by the international community in the international Common Criteria Recognition Agreement. It defines an agreed methodology for evaluation on the basis of the CC. This version of the CEM is also available as international standard ISO/IEC 18045.

Evaluation Assurance Level

The term EAL level refers to a level of assurance (Evaluation Assurance Level) in a security service.

Further information on Common Criteria

  • Joint website of the nations involved in the CC project:
    Further information on the following topics is available here:

    • International Agreement on the Mutual Recognition of CC Certificates (CCRA)
    • Supporting documents: supporting documents on specific questions concerning certifications
    • International lists of evaluated products and protection profiles (Note: The lists of the national certification bodies are definitive)
    • Address list of international certification bodies in the CCRA
    • List of testing laboratories in the CCRA (Note: The lists of the national certification bodies are definitive)

  • Joint Website of the European Common Criteria Agreement

    Further information on the following topics is available here:

    • European Agreement on the Mutual Recognition of CC Certificates (SOGIS-MRA)
    • JIWG supporting documents: supporting documents on specific questions concerning certifications
    • List of evaluated protection profiles (Note: The lists of the national certification bodies are definitive)
    • Address list of certification bodies in the SOGIS-MRA
    • List of testing laboratories in the SOGIS-MRA (Note: The lists of the national certification bodies are definitive)
  • Description of the committees for the further development and maintenance of CC
  • Application notes and interpretations for CC in the BSI certification scheme
  • Process description for the creation of "Common Criteria Change Proposals (PDF)" and form for the creation of a change proposal (rtf).

Information on the Common Criteria is available at:

Bundesamt für Sicherheit in der Informationstechnik
Referat S 22 und S 24
Postfach 20 03 63
53133 Bonn
Telefon: +49 228 99 9582-111
Telefax: +49 228 99 9582-5455
E-Mail: zertifizierung@bsi.bund.de

Similar topics

Back to IT security criteria