Publications
The member organisations of the CCRA declare that defined assurance levels (EALs) between versions of the criteria are equivalent and can therefore be used without restrictions for composition activities.
CC:2022 Release 1
Copyright information on CC:2022 and CEM:2022 On base of and in compliance with the Legal Notice statement provided in the CC:2022 the governmental organizations explicitly grant respective usage rights of CC:2022 Parts 1 through 5 to CC users in private/commercial/organizational/other sectors (as e.g. developers, applicants, certification bodies, evaluation laboratories, authors of Protection Profiles (PP) and Security Targets (ST)). Hereby, usage rights cover the re-use of text sections of CC:2022 Parts 1 through 5 in the narrower sense, as e.g. copying or modifying of Security Assurance Requirements (SAR) or Security Functional Requirements (SFR) for use in further CC-related documents. As well, the publication of such CC-related documents that make use of text sections of CC:2022 Parts 1 through 5 is allowed. Such usage rights hold in the same manner for CEM:2022. CC:2022 Release 1 consists of five parts. Make sure to download and use these files: |
|||
XML | |||
Part 1: Introduction and general model | CC2022PART1R1.pdf | CC22R1.dtd | |
Part 2: Security functional requirements | CC2022PART2R1.pdf | ||
Part 3: Security assurance requirements | CC2022PART3R1.pdf | cc2022R1.XML | |
Part 4: Framework for the specification of evaluation methods and activities | CC2022PART4R1.pdf | ||
Part 5: Pre-defined packages of security requirements | CC2022PART5R1.pdf | ||
CEM:2022 consists of one part: |
|||
CEM | CEM2022R1.pdf | ||
Errata to CC:2022 and CEM:2022 (application of the latest published version is mandatory) |
CC2022CEM2022Errata_Interpretation-v1_1.pdf
, Version 1.1
CC2022CEM2022Errata_Interpretation-v1_0.pdf , Version 1.0 |
||
Transition Policy to CC:2022 and CEM:2022 | CC2022CEM2022TransitionPolicy.pdf |
| |
Transition Policy to CC:2022 and CEM:2022
CCV3.1R5 version is the last from the 3.1 series, and may optionally be used for evaluation starting no later than the 30th of June 2024. STs conformant to CC:2022 based on PPs certified according to CC3.1 will be accepted up to the 31st of December 2027. Assurance continuity activities (maintenance, re-evaluation and re-assessment) based on CC 3.1 evaluations can be started for up to 2 years from the initial certification date. Further details now available. |
| ||
CC v3.1. Release 5
Copyright information on CC:2022 and CEM:2022 The governmental organizations have always been supportive of the CC texts being reused by any users of the CC documents, including modifications and reuse of part of the documents, and will continue to follow this policy. On base of and in compliance with the Legal Notice statement provided in the CC v3.1 R5 the governmental organizations explicitly grant respective usage rights of CC v3.1 R5 Parts 1 through 3 to CC users in private/commercial/organizational/other sectors (as e.g. developers, applicants, certification bodies, evaluation laboratories, authors of Protection Profiles (PP) and Security Targets (ST)). Hereby, usage rights cover the re-use of text sections of CC v3.1 R5 Parts 1 through 3 in the narrower sense, as e.g. copying or modifying of Security Assurance Requirements (SAR) or Security Functional Requirements (SFR) for use in further CC-related documents. As well, the publication of such CC-related documents that make use of text sections of CC v3.1 R5 Parts 1 through 3 is allowed. CC v3.1 Release 5 consists of three parts. Make sure to download and use these files: |
|||
XML | |||
Part 1: Introduction and general model | CCPART1V3.1R5.pdf | CC3R3.dtd | |
CCPART1V3.1R5_marked_changes.pdf | |||
Part 2: Security functional requirements | CCPART2V3.1R5.pdf | cc3R5.XML.zip | |
CCPART2V3.1R5_marked_changes.pdf | |||
Part 3: Security assurance requirements | CCPART3V3.1R5.pdf | ||
CCPART3V3.1R5_marked_changes.pdf | |||
CEM v3.1 consists of one part: |
|||
CEM | CEMV3.1R5.pdf | ||
CEM | CEMV3.1R5_marked_changes.pdf | ||
Addenda to the CC and CEM |
CCDB-013-v2.0-2021-Sep-30-Final-CCaddenda-Exact_Conformance.pdf |
||
| |||
CC v3.1. Release 4
CC v3.1 Release 4 consists of three parts. Make sure to download and use these files: |
|||
XML | |||
Part 1: Introduction and general model | CCPART1V3.1R4.pdf | CC3R3.dtd | |
CCPART1V3.1R4_marked_changes.pdf | |||
Part 2: Security functional requirements | CCPART2V3.1R4.pdf | cc3R4.XML.zip | |
CCPART2V3.1R4_marked_changes.pdf | |||
Part 3: Security assurance requirements | CCPART3V3.1R4.pdf | ||
CCPART3V3.1R4_marked_changes.pdf | |||
CEM v3.1 consists of one part: |
|||
CEM | CEMV3.1R4.pdf | ||
CEM | CEMV3.1R4_marked_changes.pdf | ||
Addenda to the CC and CEM |
CCDB-2014-03-001-CCaddenda-Modular_PP.pdf |
||
CC v3.1 Release 3 CC v3.1 consists of three parts. Make sure to download and use these files marked as "Final": |
|||
XML | |||
Part 1: Introduction and general model | CCPART1V3.1R3.pdf | CC3R3.dtd | |
Part 2: Security functional requirements | CCPART2V3.1R3.pdf | cc3R3.XML.zip | |
CCPART2V3.1R3 - marked changes.pdf | |||
Part 3: Security assurance requirements | CCPART3V3.1R3.pdf | ||
CCPART3V3.1R3 - marked changes.pdf | |||
CEM v3.1 consists of one part: |
|||
CEM | CEMV3.1R3.pdf | ||
CEM | CEMV3.1R3 - marked changes.pdf | ||
|
|||
See the guides: |
|||
For previous versions of the CC and CEM please click here For unofficial versions of the CC and CEM please click here |
The following documents are CC Supporting Documents. Supporting documents are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies. They replace multiple individual interpretations and hence provide clarity for developers, evaluators, and users. Their relevance and use for particular technologies is approved through an external approval process in which all CCRA members have input.
There are two classes of CC Supporting documentation:
- Those which are termed 'Mandatory Supporting Documents' are required to have been applied when a product involving the particular technology is certified in order to support mutual recognition.
- Those which are termed 'Guidance Supporting Documents' contain more general advice.
For more information see the CCRA Procedure for Supporting Documents.
CCRA Supporting Documents
Document Number | Title |
CCDB-2015-01-004 | Full Drive Encryption: Encryption Engine |
CCDB-2015-01-003 | Full Drive Encryption: Authorization Acquisition |
CCDB-2015-01-002 | Evaluation Activities for Stateful Traffic |
CCDB-2015-01-001 | Evaluation Activities for Network Device cPP |
CCDB-2008-09-002 | Characterizing Attacks to Fingerprint Verification Mechanisms |
Collection of Developer Evidence | |
Evaluation methodology for product series, v1.0 | |
2002-08-009 | Reuse of Evaluation Results and Evidence |
CCDB-015-v3.1-2024-February-29 | Assurance Continuity |
CCDB-012-v1.0-2021-Sep-30 | Certificate Validity |
2004-07-001 | Conducting Shadow Certifications |
2005-06-021 | Conducting Voluntary Periodic Assessments of Schemes Participating in the CCRA |
CCDB-2006-04-004 | ST sanitising for publication |
CCDB-2007-11-001 | Site Certification |
2023-10-015 | Establishing International Technical Communities and Developing collaborative Protection Profiles |
CCDB-016-v1.0 | Technical Communities Policy Guidance |