The Common Criteria is an international standard and method for evaluating the security properties of IT products and systems, applicable to both software and embedded/hardware solutions. Its objective is to facilitate the evaluation of those security properties against specified requirements. The method is flexible and makes it possible to specify security requirements for a single product or for a category of products.
A Common Criteria evaluation can be performed at one of seven possible Evaluation Assurance Levels (EALs). The depth and scope of the evaluation increase progressively with the selected level. While higher levels of evaluation are typically preferred for products used in high-risk environments, such as smart cards or e-passport ICs, evaluations at levels EAL1 to EAL4 are well suited to a broad range of software and embedded products, including IoT, industrial components, medical devices, data protection, antivirus software, operating systems, mobile applications and solutions, etc.