Maintenance of the CC/CEM
The CC and the companion CEM are continuously updated to reflect the experience gained in their application, and to incorporate advances in the state of the art of the security evaluation practices.
While the "Common Criteria Development Board" (CCDB) manages the technical work program for the maintenance and ongoing development of the CC and CEM and reach agreement on the application of the CC and CEM to evaluations being carried out by the CCRA certificate producing nations to ensure harmonization across qualifying nations, the principal purpose of the "Common Criteria Maintenance Board" (CCMB) is to process request for inclusion of Change Proposals (CP), based upon national CC and CEM development requirements and taking into account CCRA requirements as specified by the CCDB. This includes:
-
Discussing CPs that have been forwarded to the CCMB by the CCRA participants. The results of these
discussions is a pronouncement of each CP as being either:
-
Agreed - the CP is seen to be worthy of adoption by the CCMB.
-
Concurred - the CP is seen to be acceptable by the CCMB in that its use would not violate
mutual recognition, yet it is not seen as an approach the CCMB would adopt for
International adoption.
-
Disagreed - use of the CP is either determined to violate mutual recognition or not
found in such a mature state so as to be agreed. It is expected that, as a result, the
source participant would discontinue use of the CP in as timely a fashion as possible, or the CP be
improved and forwarded again for consideration, respectively.
-
Agreed - the CP is seen to be worthy of adoption by the CCMB.
-
Supporting to the ISO/IEC standardization process of the CC/CEM, by reviewing and providing
suggestions for accepting or otherwise on comments received from ISO/IEC. Note that the
required editorial actions resulting from the acceptance of ISO comments are to be made by
the ISO/IEC appointed editors, and not by the CCMB.
-
Reviewing the technical consistency of work packages assigned to other working groups, making the editorial
integration of this new material, and reporting resulting concerns to the CCDB.
-
Regularly update the CC/CEM by incorporating agreed changes and the agreed results of work packages.
The CC/CEM documents have major and minor version numbers, and release number. The major number reflects fundamental changes or advances in the content of the evaluation criteria or the evaluation methodology. Both the CC and the CEM are issued at the same time and share the same identifiers. New official versions, as approved by the CCRA, will have a new major or minor version number.
Releases are used to distinguish working documents whose content reflect updates and fixes, based in the Change Proposal process, which are considered useful to be published. These releases can be used under the general recognition agreement of the official version that they are based on.