A survey on common criteria (CC) evaluating schemes for security assessment of IT products

Fatima, Maheen; Abbas, Haider; Yaqoob, Tahreem; Shafqat, Narmeen; Ahmad, Zarmeen; Zeeshan, Raja; Muhammad, Zia; Rana, Tauseef; Mussiraliyeva, Shynar

doi:10.7717/peerj-cs.701

“…Since Common Criteria covers a comprehensive range of categories and technologies for ICT products and services, it promotes the mutual recognition of secure ICT products among a broad range of security standards and certifications [19]. For example, Matheu et al [5] stated that Common Criteria is the most widely used cybersecurity certification in the IoT field.…”

Section: Related Work a Cybersecurity Standards And Certificationsmentioning

confidence: 99%

“…As of 2021, there are 17 certificate authorizing schemes under the Common Criteria [41]. Country-specific implementation of Common Criteria schemes are different in the flow of evaluation and certification of ICT products [19]. The fragmented landscape of Common Criteria schemes generates the disharmonized perspective for security evaluation.…”

Section: ) Lack Of Mutual Recognitionmentioning

confidence: 99%

How Do Organizations Seek Cyber Assurance? Investigations on the Adoption of the Common Criteria and Beyond

Sun

¹

,

Li

²

,

Chan

³

et al. 2022

View full text Add to dashboard Cite

Cyber assurance, which is the ability to operate under the onslaught of cyber attacks and other unexpected events, is essential for organizations facing inundating security threats on a daily basis. Organizations usually employ multiple strategies to conduct risk management to achieve cyber assurance. Utilizing cybersecurity standards and certifications can provide guidance for vendors to design and manufacture secure Information and Communication Technology (ICT) products as well as provide a level of assurance of the security functionality of the products for consumers. Hence, employing security standards and certifications is an effective strategy for risk management and cyber assurance. In this work, we begin with investigating the adoption of cybersecurity standards and certifications by surveying 258 participants from organizations across various countries and sectors. Specifically, we identify adoption barriers of the Common Criteria through the designed questionnaire. Taking into account the seven identified adoption barriers, we show the recommendations for promoting cybersecurity standards and certifications. Moreover, beyond cybersecurity standards and certifications, we shed light on other risk management strategies devised by our participants, which provides directions on cybersecurity approaches for enhancing cyber assurance in organizations.INDEX TERMS Common criteria, cyber security, protection profile, security standard and certification, trusted system. CHANG-TSUN LI (Senior Member, IEEE) received the B.Sc. degree in electrical engineering from National Defense University (NDU), Taiwan, in 1987, the M.Sc. degree in computer science from the U.S. Naval Postgraduate School, USA, in 1992, and the Ph.D. degree in computer science from the

show abstract

“…Since Common Criteria covers a comprehensive range of categories and technologies for ICT products and services, it promotes the mutual recognition of secure ICT products among a broad range of security standards and certifications [35]. For example, Matheu et al [49] stated that Common Criteria is the most widely used cybersecurity certification in the IoT field.…”

Section: Related Workmentioning

confidence: 99%

“…As of 2021, there are 17 certificate authorizing schemes under the Common Criteria [25]. Country-specific implementation of Common Criteria schemes are different in the flow of evaluation and certification of ICT products [35]. The fragmented landscape of Common Criteria schemes generates the disharmonized perspective for security evaluation.…”

Section: Lack Of Mutual Recognitionmentioning

confidence: 99%

“…In response, many product vendors engage consultants to prepare specific evaluation material at the pre-evaluation stage. The current efforts on major review work are underway by international experts through the International Organization of Standardization (ISO) [35]. This should see an improvement of the Common Criteria for wider adoption from the perspective of usability and readability of the documentation.…”

Section: Lack Of Security Evaluation Experiencementioning

confidence: 99%

See 1 more Smart Citation

How Do Organizations Seek Cyber Assurance? Investigations on the Adoption of the Common Criteria and Beyond

Sun,

Li,

Chan

et al. 2022

Preprint

0

View full text Add to dashboard Cite

Cyber assurance, which is the ability to operate under the onslaught of cyber attacks and other unexpected events, is essential for organizations facing inundating security threats on a daily basis. Organizations usually employ multiple strategies to conduct risk management to achieve cyber assurance. Utilizing cybersecurity standards and certifications can provide guidance for vendors to design and manufacture secure Information and Communication Technology (ICT) products as well as provide a level of assurance of the security functionality of the products for consumers. Hence, employing security standards and certifications is an effective strategy for risk management and cyber assurance. In this work, we begin with investigating the adoption of cybersecurity standards and certifications by surveying 258 participants from organizations across various countries and sectors. Specifically, we identify adoption barriers of the Common Criteria through the designed questionnaire. Taking into account the seven identified adoption barriers, we show the recommendations for promoting cybersecurity standards and certifications. Moreover, beyond cybersecurity standards and certifications, we shed light on other risk management strategies devised by our participants, which provides directions on cybersecurity approaches for enhancing cyber assurance in organizations.

show abstract

Circumventing Google Play vetting policies: a stealthy cyberattack that uses incremental updates to breach privacy

Muhammad

¹

,

Amjad

²

,

Iqbal³

et al. 2023

J Ambient Intell Human Comput

6

0

View full text Add to dashboard Cite

A survey on common criteria (CC) evaluating schemes for security assessment of IT products

Cited by 13 publications

References 12 publications

How Do Organizations Seek Cyber Assurance? Investigations on the Adoption of the Common Criteria and Beyond

How Do Organizations Seek Cyber Assurance? Investigations on the Adoption of the Common Criteria and Beyond

How Do Organizations Seek Cyber Assurance? Investigations on the Adoption of the Common Criteria and Beyond

Circumventing Google Play vetting policies: a stealthy cyberattack that uses incremental updates to breach privacy

Contact Info

Product

Resources

About