Common? C’mon! (A21b)
Common? C’mon! Over the years, the CC have struggled to establish a common understanding of where the bars shall be positioned that products must clear for a certain certification level. Drawing from experience with evaluations in various national schemes, the author will explore what customers and manufacturers expect from certificates and the importance of mutual recognition to them. Observing how evaluations are approached by different schemes and how schemes tries to provide consistent certification results within their own scheme and over the time, questions arise about the right ways to achieve comparable evaluation results and thus comparable meaning of certificates. For example, schemes cannot agree how to deal with security functionality provided by the environment or how to accept national standards. The biggest question is, though, to what extent we actually need mutual recognition in the way that led to the CC some 20 years ago, or if our understanding of using the CC’s framework has evolved since. The author will help a more relaxed and flexible understanding of what needs to remain common in the Common Criteria and where diverging uses may promote a brighter future for the CC.