Security Architecture & Evaluation Criteria Framework | CISSP Bits

Andre Camillo, CISSP
CloudnSec
Published in
2 min readFeb 4, 2024

--

The Common Criteria as a Global Standard for Cybersecurity

The Common Criteria is a framework established in the early 1990s. It integrates the strengths of both the Trusted Computer System Evaluation Criteria and Information Technology Security Evaluation Criteria, while mitigating their weaknesses. It offers more flexibility than the Trusted Computer System Evaluation Criteria and is more straightforward than the Information Technology Security Evaluation Criteria.

An inaccurate, simplified representation of TCSEC, ITSEC and Common Evaluation Criteria. Source: Author

Why is it important to Cyber Security?

As a globally recognized standard, the Common Criteria simplifies the ratings for customers, eliminating the need to comprehend different ratings within various evaluation schemes. This standardization plays a crucial role in enhancing cybersecurity by providing a clear and consistent evaluation criterion.

How can it be useful to the industry?

For manufacturers and industry stakeholders, the Common Criteria is incredibly beneficial. It allows customers to adhere to one specific set of requirements for international sales, rather than having to satisfy multiple different ratings with diverse rules and requirements. This not only streamlines the process but also promotes broader acceptance of their products in the global market.

Learn more about my Cloud and Security Projects: https://linktr.ee/acamillo

Consider subscribing to Medium (here) to access more content that will empower you!

Thank you for reading and leave your thoughts/comments!

--

--

Andre Camillo, CISSP
CloudnSec

Cloud and Security technologies, Career, Growth Mindset. Follow: https://linktr.ee/acamillo . Technical Specialist @Microsoft. Opinions are my own.