CC:2022 – How it Compares and Differs from CC3.1R5 (L21b)
What’s new in Common Criteria 2022 (CC:2022) and what is different from Common Criteria 3.1 Revision 5? (CC 3.1R5). This talk will outline some of the major differences and will point out the newly introduced concepts now incorporated into CC:2022. The speaker will mention the three approaches to evaluating conformance, which include the newer exact conformance approach. The speakers will also outline the new functional requirements introduced, and we will cover the new assurance requirements as well as updated assurance requirements. Evaluation Methods and Evaluation Activities are now defined in the new Parts 4 and 5 of CC:2022. There are pre-defined packages that are included in EAL 1 through 7 evaluations. Composition of Assurance is also covered where the layered approach, network or bi-directional approach, and the embedded approach are supported. The speaker will cover what modularization is permitted, and finally, the speaker will discuss additions and updates to the CEM with such matters as considerations for an exact conformance Protection Profile evaluation regarding consistency of PP-Modules and Security Target consistency, for example. Authors: Miguel Banon (Independent Consultant, Convenor ISO/IEC JTC 1/SC 27/WG 3), Dr. David Martin (Research Fellow), Carolina Lavatelli (Internet of Trust), Dr. Elzbieta Andrukiewicz (National Institute of Telecommunications), Dr. Susanne Pingel (Federal Office for Information Security)