28 September - 1 October | Cardo Roma, Italy

Strategies for CC Compliance for Systems with LLMs (C30b)

Discover strategies for certifying systems with large language models within Common Criteria.
01 Oct 2026
9:30 am

Common Criteria (ISO/IEC 15408) certifications are philosophically rooted in determinism: the principle that a Target of Evaluation (TOE) given input X will produce a predictable, repeatable output Y. Large Language Models (LLMs), however, are intrinsically non-deterministic. Their stochastic nature challenges the core tenets of the ADV (Development) and ATE (Tests) assurance classes, making traditional evaluation methodologies difficult, if not impossible, to apply. This talk explores two pathways for integrating LLMs into certified systems. First, the presenters propose a long-term evolution of the standard, discussing how Supplemental Functional Packages can be integrated into Protection Profiles to define guardrails for probabilistic outputs. Second, they present a “ground-zero” strategy for immediate compliance at the EAL 2 level within the existing framework. This approach treats the LLM as a Non-TSF component isolated within a trusted boundary. The presenters demonstrate how to satisfy ADV_ARC (Security Architecture) and AVA_VAN (Vulnerability Analysis) requirements through deterministic “mediator” components, providing a concrete roadmap for certifying AI-enabled systems today without waiting for international regulatory shifts.
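The following is an added illustration of the mediator pattern the abstract describes, not code from the presenters or from any certified product. It assumes a hypothetical policy (`POLICY`), a stand-in `simulated_llm` that returns constructed, varying outputs, and a pure `mediate` function that is the only path by which model text reaches the trusted side. The point it makes is the one the abstract relies on for ADV_ARC and AVA_VAN: the security-relevant behaviour depends solely on the mediator's fixed input/output contract, so the model's non-determinism stays outside the TSF.

```python
"""Deterministic mediator in front of a non-deterministic LLM.

Hypothetical example: the LLM is treated as a Non-TSF component; every
security-relevant decision is made by `mediate`, a pure function with a
fixed, reviewable policy. Names, policy and sample outputs are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional
import json
import re

# Constructed policy: the only operations the mediator will ever forward,
# each with its exact required argument set and a value validator.
POLICY = {
    "lookup_order": {"order_id": re.compile(r"^[0-9]{6,10}$")},
    "reset_password": {"username": re.compile(r"^[a-z][a-z0-9_]{2,31}$")},
}
MAX_OUTPUT_BYTES = 1024  # bound on what the trusted side will even parse


@dataclass(frozen=True)
class Decision:
    allowed: bool
    action: Optional[str]
    args: Dict[str, str]
    reason: str


def mediate(llm_output: str) -> Decision:
    """Map arbitrary model text to an allowed action or a refusal.

    Depends only on its input and the fixed POLICY, so the same output
    always yields the same Decision regardless of how the model produced it.
    Any deviation from the contract is refused with a fixed reason string.
    """
    if len(llm_output.encode("utf-8")) > MAX_OUTPUT_BYTES:
        return Decision(False, None, {}, "output too large")
    try:
        obj = json.loads(llm_output)
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return Decision(False, None, {}, "not JSON")
    # Structural check: exactly the two expected keys, nothing else.
    if not isinstance(obj, dict) or set(obj) != {"action", "args"}:
        return Decision(False, None, {}, "unexpected shape")
    action, args = obj["action"], obj["args"]
    if not isinstance(action, str) or action not in POLICY:
        return Decision(False, None, {}, "action not in allowlist")
    spec = POLICY[action]
    if not isinstance(args, dict) or set(args) != set(spec):
        return Decision(False, None, {}, "argument set mismatch")
    # Value check: every argument must be a string matching its validator.
    for name, pattern in spec.items():
        value = args[name]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            return Decision(False, None, {}, f"invalid value for {name}")
    return Decision(True, action, dict(args), "ok")


def simulated_llm(prompt: str, seed: int) -> str:
    """Stand-in for the non-deterministic component (constructed outputs).

    The prompt is ignored; different seeds return different text for the
    same request, mimicking sampling. None of this variation reaches the
    trusted side except through mediate().
    """
    candidates = [
        '{"action": "lookup_order", "args": {"order_id": "20240917"}}',
        'Sure! {"action": "lookup_order", "args": {"order_id": "20240917"}}',
        '{"action": "lookup_order", "args": {"order_id": "20240917"}, "note": "x"}',
        '{"action": "drop_tables", "args": {}}',
    ]
    return candidates[seed % len(candidates)]


def handle_request(prompt: str, seed: int) -> Decision:
    """The trusted boundary: model output is only ever consumed via mediate()."""
    return mediate(simulated_llm(prompt, seed))


if __name__ == "__main__":
    for s in range(4):
        d = handle_request("look up my order", s)
        print(s, d.allowed, d.action, d.reason)
```

Because `mediate` is a pure function over a closed policy, its behaviour can be enumerated and tested exhaustively for the ATE class, and the vulnerability analysis for AVA_VAN reduces to the mediator's parsing and validation surface rather than to the model's input space.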