Course 617: Canadian Common Criteria


This Common Criteria (CC) online course provides training on the CC Standard, with a particular focus on how CC evaluations are conducted and certified in Canada.


The objectives of this course are to ensure that upon successful completion, the participant will be able to:

  • define key terms
  • recognize the security targets and protection profiles
  • recall security functional requirements and assurance requirements
  • recall the Common Methodology Information Technology Security Evaluation
  • interpret the Canadian Common Criteria policy
  • recall the implications of cryptography in Canada
  • recall how to perform scoping and testing functions

Course outline and module objectives

  • Module 1 – Introduction
    • recall the elements of the Canadian Centre for Cyber Security (Cyber Centre) Product Evaluation Programs
    • define Common Criteria and the Canadian Common Criteria Program
  • Module 2 – Common criteria basics
    • recall the concepts that are covered in Part 1 of the CC
    • define key terms
    • recognize security targets
    • list the evaluation assurance levels
    • recognize protection profiles
  • Module 3 – Overview of evaluation assurance level versus protection profile conformant evaluations
    • list the content requirements of a security target
    • define protection profiles
    • define protection profile modules
    • distinguish between EAL conformant and PP conformant evaluations
  • Module 4 – Security functional requirements
    • define key terms
    • recall the elements of Common Criteria part 2
    • recall the different types of security functional requirements
  • Module 5 – Security assurance requirements
    • recall the elements of Common Criteria Part 3
    • recall the security assurance requirements
    • list the evaluation assurance levels
  • Module 6 – Common Methodology Information Technology Security Evaluation
    • define key terms
    • recall the role of the CEM in the evaluation process
  • Module 7 – Common Criteria in Canada
    • recall how to access the Canadian Common Criteria instructions
    • recall the topics covered in the instructions document
  • Module 8 – Cryptography
    • recall the implications of including cryptography in evaluations
    • determine whether a product must claim cryptography
    • identify cryptographic implementations
    • recall how to address cryptography requirements in protection profiles
    • determine whether cryptographic implementation operational environment equivalency can be claimed
  • Module 9 – Scoping
    • define the scope
    • recall the scope issues with which an evaluator needs to be familiar
    • recall how to scope the TOE
  • Module 10 – Testing
    • recall the certification body testing and vulnerability assessment requirements.

Target audience

This online course is primarily intended for individuals employed by commercial testing labs who wish to become qualified CC evaluators, though it may also be of interest to system architects and IT product vendors who wish to learn more about the CC.


Please read Part 1: introduction and general model of the CC prior to starting this course.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: