Publications

The member organisations of the CCRA declare that defined assurance levels (EALs) between versions of the criteria are equivalent and can therefore be used without restrictions for composition activities.


CC:2022 Release 1

Copyright information on CC:2022 and CEM:2022

On base of and in compliance with the Legal Notice statement provided in the CC:2022 the governmental organizations explicitly grant respective usage rights of CC:2022 Parts 1 through 5 to CC users in private/commercial/organizational/other sectors (as e.g. developers, applicants, certification bodies, evaluation laboratories, authors of Protection Profiles (PP) and Security Targets (ST)). Hereby, usage rights cover the re-use of text sections of CC:2022 Parts 1 through 5 in the narrower sense, as e.g. copying or modifying of Security Assurance Requirements (SAR) or Security Functional Requirements (SFR) for use in further CC-related documents. As well, the publication of such CC-related documents that make use of text sections of CC:2022 Parts 1 through 5 is allowed. Such usage rights hold in the same manner for CEM:2022.

CC:2022 Release 1 consists of five parts. Make sure to download and use these files:

PDF XML
Part 1: Introduction and general model CC2022PART1R1.pdf CC22R1.dtd  
Part 2: Security functional requirements CC2022PART2R1.pdf  
Part 3: Security assurance requirements CC2022PART3R1.pdf cc2022R1.XML  
Part 4: Framework for the specification of evaluation methods and activities CC2022PART4R1.pdf  
Part 5: Pre-defined packages of security requirements CC2022PART5R1.pdf  

CEM:2022 consists of one part:
  PDF  
CEM CEM2022R1.pdf  
     
Errata to CC:2022 and CEM:2022 CC2022CEM2022Errata_Interpretation.pdf (Version 1.0)  
(application of the latest published version is mandatory)
     
Transition Policy to CC:2022 and CEM:2022 CC2022CEM2022TransitionPolicy.pdf

Transition Policy to CC:2022 and CEM:2022

CCV3.1R5 version is the last from the 3.1 series, and may optionally be used for evaluation starting no later than the 30th of June 2024.

STs conformant to CC:2022 based on PPs certified according to CC3.1 will be accepted up to the 31st of December 2027.

Assurance continuity activities (maintenance, re-evaluation and re-assessment) based on CC 3.1 evaluations can be started for up to 2 years from the initial certification date.

Further details now available.

CC v3.1. Release 5

Copyright information on CC:2022 and CEM:2022

The governmental organizations have always been supportive of the CC texts being reused by any users of the CC documents, including modifications and reuse of part of the documents, and will continue to follow this policy. On base of and in compliance with the Legal Notice statement provided in the CC v3.1 R5 the governmental organizations explicitly grant respective usage rights of CC v3.1 R5 Parts 1 through 3 to CC users in private/commercial/organizational/other sectors (as e.g. developers, applicants, certification bodies, evaluation laboratories, authors of Protection Profiles (PP) and Security Targets (ST)). Hereby, usage rights cover the re-use of text sections of CC v3.1 R5 Parts 1 through 3 in the narrower sense, as e.g. copying or modifying of Security Assurance Requirements (SAR) or Security Functional Requirements (SFR) for use in further CC-related documents. As well, the publication of such CC-related documents that make use of text sections of CC v3.1 R5 Parts 1 through 3 is allowed.

CC v3.1 Release 5 consists of three parts. Make sure to download and use these files:

PDF XML
Part 1: Introduction and general model CCPART1V3.1R5.pdf CC3R3.dtd
  CCPART1V3.1R5_marked_changes.pdf  
Part 2: Security functional requirements CCPART2V3.1R5.pdf cc3R5.XML.zip
  CCPART2V3.1R5_marked_changes.pdf  
Part 3: Security assurance requirements CCPART3V3.1R5.pdf  
  CCPART3V3.1R5_marked_changes.pdf  

CEM v3.1 consists of one part:
  PDF  
CEM CEMV3.1R5.pdf  
CEM CEMV3.1R5_marked_changes.pdf  
Addenda to the CC and CEM

CCDB-013-v2.0-2021-Sep-30-Final-CCaddenda-Exact_Conformance.pdf
 
 

CC v3.1. Release 4

CC v3.1 Release 4 consists of three parts. Make sure to download and use these files:

PDF XML
Part 1: Introduction and general model CCPART1V3.1R4.pdf CC3R3.dtd
  CCPART1V3.1R4_marked_changes.pdf  
Part 2: Security functional requirements CCPART2V3.1R4.pdf cc3R4.XML.zip
  CCPART2V3.1R4_marked_changes.pdf  
Part 3: Security assurance requirements CCPART3V3.1R4.pdf  
  CCPART3V3.1R4_marked_changes.pdf  

CEM v3.1 consists of one part:
  PDF  
CEM CEMV3.1R4.pdf  
CEM CEMV3.1R4_marked_changes.pdf  
Addenda to the CC and CEM

CCDB-2014-03-001-CCaddenda-Modular_PP.pdf
 
 

CC v3.1 Release 3

CC v3.1 consists of three parts. Make sure to download and use these files marked as "Final":

  PDF XML
Part 1: Introduction and general model CCPART1V3.1R3.pdf CC3R3.dtd
Part 2: Security functional requirements CCPART2V3.1R3.pdf cc3R3.XML.zip
  CCPART2V3.1R3 - marked changes.pdf  
Part 3: Security assurance requirements CCPART3V3.1R3.pdf  
  CCPART3V3.1R3 - marked changes.pdf  

CEM v3.1 consists of one part:
  PDF  
CEM CEMV3.1R3.pdf  
CEM CEMV3.1R3 - marked changes.pdf  

See the guides:



For previous versions of the CC and CEM please click here
For unofficial versions of the CC and CEM please click here


 

The following documents are CC Supporting Documents.  Supporting documents are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies.  They replace multiple individual interpretations and hence provide clarity for developers, evaluators, and users.  Their relevance and use for particular technologies is approved through an external approval process in which all CCRA members have input. 

There are two classes of CC Supporting documentation:

For more information see the CCRA Procedure for Supporting Documents.

CCRA Supporting Documents

Document Number Title
CCDB-2015-01-004 Full Drive Encryption: Encryption Engine
CCDB-2015-01-003 Full Drive Encryption: Authorization Acquisition
CCDB-2015-01-002 Evaluation Activities for Stateful Traffic
CCDB-2015-01-001 Evaluation Activities for Network Device cPP
CCDB-2008-09-002 Characterizing Attacks to Fingerprint Verification Mechanisms
Collection of Developer Evidence
Evaluation methodology for product series, v1.0
2002-08-009 Reuse of Evaluation Results and Evidence
CCDB-015-v3.1-2024-February-29 Assurance Continuity
CCDB-012-v1.0-2021-Sep-30 Certificate Validity
2004-07-001 Conducting Shadow Certifications
2005-06-021 Conducting Voluntary Periodic Assessments of Schemes Participating in the CCRA
CCDB-2006-04-004 ST sanitising for publication
CCDB-2007-11-001 Site Certification
2023-10-015 Establishing International Technical Communities and Developing collaborative Protection Profiles

Supporting Documents related to Smart Cards and similar devices

Document title Class
Rationale for Smart cards and similar devices
Guidance for smartcard evaluation v3.0 Guidance
Security Architecture requirements (ADV_ARC) for Smart Cards and similar devices extended to Secure Sub-Systems in SoC, version 2.1 Mandatory
Application of CC to Integrated Circuits v4.0 Mandatory
Composite product evaluation for Smartcards and similar devices, v1.6 Mandatory
ETR-template lite for composition, v1.2 Guidance
Security Architecture requirements (ADV_ARC) for smart cards and similar devices, version 2.1 - Appendix 1 Guidance
Minimum ITSEF Requirements for Security Evaluations of Smart cards and similar devices Mandatory
Application of Attack Potential to Smartcards, v3.2.1 Mandatory
Minimum site security requirements (MSSR), v3.1 Mandatory
Checklist associated to Minimum site security requirements (MSSR), v3.1 Guidance
Document related to Security Requirements for post-delivery code loading, v1.0 Guidance
Management of code disclosure and software IP reuse, v1.2 Guidance
Site Technical Audit Report Template, v1.0 (document related to MSSR) Guidance
Assurance Continuity - Practical Cases for Smart Cards and similar devices, v1.1 Guidance
Biometric card - Guidelines, v1.1 Guidance