In information security, the term assurance means the level of trust, or degree of confidence, that a system's security requirements are satisfied. Many standards and guidelines published by governments and commercial organizations evaluate the assurance aspects of computer systems.
Common Criteria (CC) is an assurance framework derived predominantly from the following three country-specific standards:
CC defines a Protection Profile (PP) for computing systems.
The following are some of the concepts pertaining to CC:
Trusted Computer Security Evaluation Criteria (TCSEC) is also called the Orange Book of the Rainbow Series published by the United States Department of Defense (DoD). TCSEC focuses on confidentiality, while the DoD's other standard, Trusted Network Interpretation (TNI), also called the Red Book, addresses both confidentiality and integrity.
Information Technology Security Evaluation Criteria (ITSEC) is a European standard for IT security that specifies evaluation criteria for both functionality and assurance. ITSEC divides the evaluation parameters as follows:
Two kinds of assurance are specified:
Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) is a Canadian standard for security product evaluation published by the Communications Security Establishment.