Common Criteria
E766421
ISO/IEC standard
information technology security evaluation standard
security certification framework
Common Criteria is an international standard (ISO/IEC 15408) for evaluating and certifying the security properties of IT products and systems.
All labels observed (2)
| Label | Occurrences |
|---|---|
| Common Criteria canonical | 1 |
| Common Criteria certifications | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T8918550 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
NED1
Entity disambiguation (via context triple)
gpt-5-mini-2025-08-07
Target entity: Common Criteria Context triple: [Hardware security module, implementsStandard, Common Criteria]
-
A.
FIPS 200
FIPS 200 is a U.S. federal standard that establishes minimum security requirements for federal information and information systems, forming a core part of the government’s information security framework.
-
B.
ISO/IEC 27000 family
The ISO/IEC 27000 family is an international set of standards that provides best-practice frameworks and requirements for establishing, implementing, maintaining, and continually improving information security management systems.
-
C.
FIPS 140
FIPS 140 is a U.S. government standard that specifies security requirements for cryptographic modules used to protect sensitive information in computer and telecommunications systems.
-
D.
NIST SP 800 series
The NIST SP 800 series is a collection of special publications from the U.S. National Institute of Standards and Technology that provide guidelines, recommendations, and technical specifications for information security and risk management.
-
E.
NIST SP 800-171
NIST SP 800-171 is a U.S. National Institute of Standards and Technology publication that specifies security requirements for protecting Controlled Unclassified Information in non-federal information systems and organizations.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
NED2
Entity disambiguation (via description)
gpt-5-mini-2025-08-07
Target entity: Common Criteria Target entity description: Common Criteria is an international standard (ISO/IEC 15408) for evaluating and certifying the security properties of IT products and systems.
-
A.
FIPS 200
FIPS 200 is a U.S. federal standard that establishes minimum security requirements for federal information and information systems, forming a core part of the government’s information security framework.
-
B.
ISO/IEC 27000 family
The ISO/IEC 27000 family is an international set of standards that provides best-practice frameworks and requirements for establishing, implementing, maintaining, and continually improving information security management systems.
-
C.
FIPS 140
FIPS 140 is a U.S. government standard that specifies security requirements for cryptographic modules used to protect sensitive information in computer and telecommunications systems.
-
D.
NIST SP 800 series
The NIST SP 800 series is a collection of special publications from the U.S. National Institute of Standards and Technology that provide guidelines, recommendations, and technical specifications for information security and risk management.
-
E.
NIST SP 800-171
NIST SP 800-171 is a U.S. National Institute of Standards and Technology publication that specifies security requirements for protecting Controlled Unclassified Information in non-federal information systems and organizations.
- F. None of above. chosen
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf |
ISO/IEC standard
ⓘ
information technology security evaluation standard ⓘ security certification framework ⓘ |
| abbreviation | CC NERFINISHED ⓘ |
| appliesTo |
commercial off-the-shelf products
ⓘ
custom IT systems ⓘ firmware products ⓘ hardware products ⓘ software products ⓘ |
| defines |
Security Assurance Requirements
NERFINISHED
ⓘ
Security Functional Requirements NERFINISHED ⓘ |
| evaluationMethodologyDefinedIn | ISO/IEC 18045 NERFINISHED ⓘ |
| focusesOn |
evaluation of security properties of IT products
ⓘ
evaluation of security properties of IT systems ⓘ |
| fullName | Common Criteria for Information Technology Security Evaluation NERFINISHED ⓘ |
| goal |
facilitate mutual recognition of security certificates
ⓘ
provide a common basis for security evaluation ⓘ |
| hasAbbreviation |
EAL
NERFINISHED
ⓘ
PP NERFINISHED ⓘ ST NERFINISHED ⓘ |
| hasComponent |
Part 1 Introduction and general model
ⓘ
Part 2 Security functional components ⓘ Part 3 Security assurance components ⓘ |
| hasEvaluationScale |
EAL1
NERFINISHED
ⓘ
EAL2 ⓘ EAL3 NERFINISHED ⓘ EAL4 NERFINISHED ⓘ EAL5 NERFINISHED ⓘ EAL6 NERFINISHED ⓘ EAL7 ⓘ |
| hasScope |
availability requirements
ⓘ
confidentiality requirements ⓘ integrity requirements ⓘ |
| hasVersion | Common Criteria version 3.1 NERFINISHED ⓘ |
| publishedBy |
International Electrotechnical Commission
NERFINISHED
ⓘ
International Organization for Standardization ⓘ |
| recognizedBy | Common Criteria Recognition Arrangement NERFINISHED ⓘ |
| relatedStandard | ISO/IEC 18045 NERFINISHED ⓘ |
| replaced |
ITSEC
NERFINISHED
ⓘ
TCSEC NERFINISHED ⓘ |
| standardNumber | ISO/IEC 15408 NERFINISHED ⓘ |
| supports |
comparability of security certifications
ⓘ
independent security evaluation ⓘ |
| usedBy |
IT product vendors
ⓘ
evaluation laboratories ⓘ government agencies ⓘ |
| usedFor |
certification of security products
ⓘ
procurement requirements ⓘ |
| usesConcept |
Evaluation Assurance Level
NERFINISHED
ⓘ
Protection Profile ⓘ Security Target ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Input
Subject: Common Criteria Description of subject: Common Criteria is an international standard (ISO/IEC 15408) for evaluating and certifying the security properties of IT products and systems.
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.
subject surface form:
Hardware security module
this entity surface form:
Common Criteria certifications