Publications
The member organisations of the CCRA declare that defined assurance levels (EALs) between versions of the criteria are equivalent and can therefore be used without restrictions for composition activities.
 CC v3.1. Release 5
CC v3.1 Release 5 consists of three parts. Make sure to download and use these files: |
|||
| XML | |||
| Part 1: Introduction and general model |
 CCPART1V3.1R5.pdf
|
CC3R3.dtd | |
|
CCPART1V3.1R5_marked_changes.pdf
|
|||
| Part 2: Security functional requirements |
CCPART2V3.1R5.pdf
|
cc3R5.XML.zip | |
|
CCPART2V3.1R5_marked_changes.pdf
|
|||
| Part 3: Security assurance requirements |
CCPART3V3.1R5.pdf
|
||
|
CCPART3V3.1R5_marked_changes.pdf
|
|||
| CEM v3.1 consists of one part: |
|||
| CEM |
CEMV3.1R5.pdf
|
||
| CEM |
CEMV3.1R5_marked_changes.pdf
|
||
| Addenda to the CC and CEM |
CCDB-2017-05-17-CCaddenda-Exact_Conformance.pdf
|
||
|
| |||
|
CC v3.1. Release 4
CC v3.1 Release 4 consists of three parts. Make sure to download and use these files: |
|||
| XML | |||
| Part 1: Introduction and general model |
CCPART1V3.1R4.pdf
|
CC3R3.dtd | |
|
CCPART1V3.1R4_marked_changes.pdf
|
|||
| Part 2: Security functional requirements |
CCPART2V3.1R4.pdf
|
cc3R4.XML.zip | |
|
CCPART2V3.1R4_marked_changes.pdf
|
|||
| Part 3: Security assurance requirements |
CCPART3V3.1R4.pdf
|
||
|
CCPART3V3.1R4_marked_changes.pdf
|
|||
| CEM v3.1 consists of one part: |
|||
| CEM |
CEMV3.1R4.pdf
|
||
| CEM |
CEMV3.1R4_marked_changes.pdf
|
||
| Addenda to the CC and CEM |
CCDB-2014-03-001-CCaddenda-Modular_PP.pdf
|
||
|
CC v3.1 Release 3 CC v3.1 consists of three parts. Make sure to download and use these files marked as "Final": |
|||
| XML | |||
| Part 1: Introduction and general model |
CCPART1V3.1R3.pdf
|
CC3R3.dtd | |
| Part 2: Security functional requirements |
CCPART2V3.1R3.pdf
|
cc3R3.XML.zip | |
|
CCPART2V3.1R3 - marked changes.pdf
|
|||
| Part 3: Security assurance requirements |
CCPART3V3.1R3.pdf
|
||
|
CCPART3V3.1R3 - marked changes.pdf
|
|||
| CEM v3.1 consists of one part: |
|||
| CEM |
CEMV3.1R3.pdf
|
||
| CEM |
CEMV3.1R3 - marked changes.pdf
|
||
|
|
|||
|
See the guides: |
|
||
|
CC v2.3
CC v2.3 is based on version 2.2, updated with a number of interpretations and further editorial changes that do not affect their technical content. These standards have also been published as ISO/IEC 15408:2005 and ISO/IEC 18045:2005. This version is the last of the 2.* series, and may optionally be used for evaluations starting no later than March 2008. Assurance maintenance based on CC v2.3 evaluations may, in general, continue for up to 2 years beyond the certification date. However, the
certificate-issuing Scheme may, as circumstances warrant, either lengthen or shorten this period of
assurance maintenance, based on the IT product type and the needs of the consumer.
CC v2.3 consists of three parts: |
|||
| Part 1: Introduction and general model |
ccpart1v2.3.pdf
|
||
| Part 2: Security functional requirements |
ccpart2v2.3.pdf
|
||
| Part 3: Security assurance requirements |
ccpart3v2.3.pdf
|
||
|
CEM v2.3 consists of one part: |
|||
| CEM |
cemv2.3.pdf
|
||
|
For previous versions of the CC and CEM please click here For unofficial versions of the CC and CEM please click here |
|||
The following documents are CC Supporting Documents. Supporting documents are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies. They replace multiple individual interpretations and hence provide clarity for developers, evaluators, and users. Their relevance and use for particular technologies is approved through an external approval process in which all CCRA members have input.
There are two classes of CC Supporting documentation:
- Those which are termed 'Mandatory Supporting Documents' are required to have been applied when a product involving the particular technology is certified in order to support mutual recognition.
- Those which are termed 'Guidance Supporting Documents' contain more general advice.
For more information see the CCRA Procedure for Supporting Documents.
CCRA Supporting Documents
| Document Number | Title |
| CCDB-2015-01-004 | Full Drive Encryption: Encryption Engine |
| CCDB-2015-01-003 | Full Drive Encryption: Authorization Acquisition |
| CCDB-2015-01-002 | Evaluation Activities for Stateful Traffic |
| CCDB-2015-01-001 | Evaluation Activities for Network Device cPP |
| CCDB-2008-09-002 | Characterizing Attacks to Fingerprint Verification Mechanisms |
| CCDB-2012-04-005 | Collection of Developer Evidence |
| 2002-08-009 | Reuse of Evaluation Results and Evidence |
| 2012-06-01 | Assurance Continuity |
| 2004-07-001 | Conducting Shadow Certifications |
| 2005-06-021 | Conducting Voluntary Periodic Assessments of Schemes Participating in the CCRA |
| CCDB-2006-04-004 | ST sanitising for publication |
| CCDB-2007-11-001 | Site Certification |
Supporting Documents related to Smart Cards and similar devices
| Document number | Document title | Class |
| 2006-06-001 | Rationale for Smart cards and similar devices | |
| CCDB-2010-03-001 | Guidance for smartcard evaluation v2.0 | Guidance |
| CCDB-2014-04-001 | Security Architecture requirements (ADV_ARC) for smart cards and similar devices | Mandatory |
| CCDB-2009-03-002 | Application of CC to Integrated Circuits v3.0 | Mandatory |
| CCDB-2012-04-001 | Composite product evaluation for Smartcards and similar devices | Mandatory |
| CCDB-2007-09-02 | ETR-template lite for composition | Guidance |
| CCDB-2012-04-004 | Security Architecture requirements (ADV_ARC) for smart cards and similar devices - Appendix 1 | Guidance |
| CCDB-2013-05-001 | Minimum ITSEF Requirements for Security Evaluations of Smart cards and similar devices | Mandatory |
| CCDB-2013-05-002 | Application of Attack Potential to Smartcards | Mandatory |