The Common Criteria for Information Technology Security Evaluation is an international standard (ISO/IEC 15408) for computer security certification. Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) in a Security Target (ST), and may be taken from Protection Profiles (PPs). Vendors can then implement or make claims about the security attributes of their products, and accredited testing laboratories can evaluate the products to determine if they actually meet the claims.
Security used to be about systems and software. As threats evolve, hardware engineers also have to familiarize themselves with trust and security terms and acronyms. If you are a hardware engineer interested in hardware trust and security, be sure to bookmark this page. If you spot a mistake or have ideas for enhancements, please get in touch.