This version of the Common Criteria for Information Technology Security Evaluation (CC 2.1) is a revision that aligns it with International Standard ISO/IEC 15408:1999. In addition, the document has been formatted to facilitate its use. Security specifications written using this document, and IT products/systems shown to be compliant with such specifications, are considered to be ISO/IEC 15408:1999 compliant.
CC 2.0 was issued in May, 1998. Subsequently, a Mutual Recognition Arrangement was established to use the CC as the basis of mutual recognition of evaluation results performed by the signatory organisations. ISO/IEC JTC 1 adopted CC 2.0 with minor, mostly editorial modifications in June, 1999.
CC version 2.1 consists of the following parts:
- Part 1: Introduction and general model
- Part 2: Security functional requirements
- Part 3: Security assurance requirements
This Legal NOTICE has been placed in all Parts of the CC by request:
The seven governmental organisations (collectively called "the Common Criteria Project Sponsoring Organisations") listed just below and identified fully in Part 1 Annex A, as the joint holders of the copyright in the Common Criteria for Information Technology Security Evaluations, version 2.1 Parts 1 through 3 (called "CC 2.1"), hereby grant non-exclusive license to ISO/IEC to use CC 2.1 in the continued development/maintenance of the ISO/IEC 15408 international standard. However, the Common Criteria Project Sponsoring Organisations retain the right to use, copy, distribute, translate or modify CC 2.1 as they see fit.
Canada: Communications Security Establishment France: Service Central de la Sécurité des Systèmes d’Information Germany: Bundesamt für Sicherheit in der Informationstechnik Netherlands: Netherlands National Communications Security Agency United Kingdom: Communications-Electronics Security Group United States: National Institute of Standards and Technology United States: National Security Agency