# Common Criteria (CC) Overview

One-sentence definition: International framework for evaluating IT product security against specified requirements.

## Key Facts

- Artifacts: **Protection Profile (PP)**, **Security Target (ST)**.
- Requirements: **SFRs** (functional) and **SARs** (assurance).
- Evaluation levels: **EAL1–EAL7** (increasing rigor, not necessarily security).
- Mutual Recognition Agreements align certifications across countries.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Distinguish PP vs ST and EAL implications.

**Mnemonic:** “**Profile** defines; **Target** implements.”

## Mini Scenario

Q: Customer demands independent assurance—what to cite?

A: Common Criteria evaluation with relevant EAL.

## Revision Checklist

- Define PP, ST.
- SFR vs SAR.
- EAL concept.

## Related

[[CC: EAL Levels, SFR SAR, PP vs ST]] · [[TCB vs Assurance vs Trust]] · [[FIPS 140-3 Cryptographic Module Validation]] · [[Security Kernel and Protection Rings]] · [[Code Signing and Software Integrity]] · [[Domain 3 - Index]]