Publications
The member organisations of the CCRA declare that defined assurance levels (EALs) between versions of the criteria are equivalent and can therefore be used without restrictions for composition activities.
 CC v3.1. Release 4
Click here for information about the CC/CEM maintenance process. CC v3.1 Release 4 consists of three parts. Make sure to download and use these files: |
|||
| XML | |||
| Part 1: Introduction and general model |
 CCPART1V3.1R4.pdf
|
CC3R3.dtd | |
|
CCPART1V3.1R4_marked_changes.pdf
|
|||
| Part 2: Security functional requirements |
CCPART2V3.1R4.pdf
|
cc3R4.XML.zip | |
|
CCPART2V3.1R4_marked_changes.pdf
|
|||
| Part 3: Security assurance requirements |
CCPART3V3.1R4.pdf
|
||
|
CCPART3V3.1R4_marked_changes.pdf
|
|||
| CEM v3.1 consists of one part: |
|||
| CEM |
CEMV3.1R4.pdf
|
||
| CEM |
CEMV3.1R4_marked_changes.pdf
|
||
|
CC v3.1 Release 3 Click here for information about the CC/CEM maintenance process. CC v3.1 consists of three parts. Make sure to download and use these files marked as "Final": |
|||
| XML | |||
| Part 1: Introduction and general model |
CCPART1V3.1R3.pdf
|
CC3R3.dtd | |
| Part 2: Security functional requirements |
CCPART2V3.1R3.pdf
|
cc3R3.XML.zip | |
|
CCPART2V3.1R3 - marked changes.pdf
|
|||
| Part 3: Security assurance requirements |
CCPART3V3.1R3.pdf
|
||
|
CCPART3V3.1R3 - marked changes.pdf
|
|||
| CEM v3.1 consists of one part: |
|||
| CEM |
CEMV3.1R3.pdf
|
||
| CEM |
CEMV3.1R3 - marked changes.pdf
|
||
|
|
|||
|
See the guides: |
|
||
|
CC v2.3
CC v2.3 is based on version 2.2, updated with a number of interpretations and further editorial changes that do not affect their technical content. These standards have also been published as ISO/IEC 15408:2005 and ISO/IEC 18045:2005. This version is the last of the 2.* series, and may optionally be used for evaluations starting no later than March 2008. Assurance maintenance based on CC v2.3 evaluations may, in general, continue for up to 2 years beyond the certification date. However, the
certificate-issuing Scheme may, as circumstances warrant, either lengthen or shorten this period of
assurance maintenance, based on the IT product type and the needs of the consumer.
CC v2.3 consists of three parts: |
|||
| Part 1: Introduction and general model |
ccpart1v2.3.pdf
|
||
| Part 2: Security functional requirements |
ccpart2v2.3.pdf
|
||
| Part 3: Security assurance requirements |
ccpart3v2.3.pdf
|
||
|
CEM v2.3 consists of one part: |
|||
| CEM |
cemv2.3.pdf
|
||
|
For previous versions of the CC and CEM please click here For unofficial versions of the CC and CEM please click here |
|||
The following documents are CC Supporting Documents. Supporting documents are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies. They replace multiple individual interpretations and hence provide clarity for developers, evaluators, and users. Their relevance and use for particular technologies is approved by the CCRA Management Committee following submission of a suitable rationale. Their subsequent maintenance is a responsibility of the CCRA Development board.
There are two classes of CC Supporting documentation:
- Those which are termed 'Mandatory Supporting Documents' are required to have been applied when a product involving the particular technology is certified in order to support mutual recognition.
- Those which are termed 'Guidance Supporting Documents' contain more general advice.
For more information see the CCRA Procedure for Supporting Documents.
Supporting Documents related to Smart Cards and similar devices
| Document number | Document title | Class |
| 2006-06-001 | Rationale for Smart cards and similar devices | |
| CCDB-2010-03-001 | Guidance for smartcard evaluation v2.0 | Guidance |
| CCDB-2012-04-002 | Application of Attack Potential to Smartcards v2.8 | Mandatory |
| CCDB-2009-03-002 | Application of CC to Integrated Circuits v3.0 | Mandatory |
| CCDB-2009-09-001 | Requirements to perform Integrated Circuit Evaluations v1.0 | Mandatory |
| CCDB-2012-04-001 | Composite product evaluation for Smartcards and similar devices v1.2 | Mandatory |
| CCDB-2007-09-02 | ETR-template lite for composition v1.0 | Guidance |
| CCDB-2012-04-003 | Security Architecture requirements (ADV_ARC) for smart cards and similar devices | Guidance |
| CCDB-2012-04-004 | Security Architecture requirements (ADV_ARC) for smart cards and similar devices - Appendix 1 | Guidance |
Additional CCRA Supporting Documents
| Document Number | Title |
| CCDB-2012-04-005 | Collection of Developer Evidence |
| 2002-08-009 | Reuse of Evaluation Results and Evidence |
| 2012-06-01 | Assurance Continuity |
| 2004-07-001 | Conducting Shadow Certifications |
| 2005-06-021 | Conducting Voluntary Periodic Assessments of Schemes Participating in the CCRA |
| CCDB-2006-04-004 | ST sanitising for publication |
| CCDB-2009-03-003 | Requirements to perform Integrated Circuit Evaluations |
| CCDB-2007-11-001 | Site Certification |