Data and document security is one of the greatest challenges facing IT professionals and users. Not surprisingly, manufacturers make all sorts of claims about their equipment’s security features. Independent validation of such claims is obviously needed. Fortunately, Common Criteria, a program designed to meet the security testing needs of IT manufactures and users, has established an internationally recognised evaluation standard.

The Common Criteria represents the outcome of efforts to develop criteria for evaluation of IT security that are widely useful within the international community. It is an alignment and development of a number of source criteria: the existing European, US and Canadian criteria (ITSEC, TCSEC and CTCPEC respectively). The Common Criteria resolves the conceptual and technical differences between the source criteria. It is a contribution to the development of an international standard, and opens the way to worldwide mutual recognition of evaluation results.