Editing Common Criteria (section)

== Alternative approaches ==
Throughout the lifetime of CC, it has not been universally adopted even by the creator nations, with, in particular, cryptographic approvals being handled separately, such as by the Canadian / US implementation of [[FIPS-140]], and the [[GCHQ|CESG]] Assisted Products Scheme (CAPS)<ref>{{cite web |url=http://www.cesg.gov.uk/site/caps/index.cfm |title=CAPS: CESG Assisted Products Scheme |archive-url=https://web.archive.org/web/20080801151344/http://www.cesg.gov.uk/site/caps/index.cfm |archive-date=2008-08-01 |url-status=dead}}</ref> in the UK.

The UK has also produced a number of alternative schemes when the timescales, costs and overheads of mutual recognition have been found to be impeding the operation of the market:
* The [[GCHQ|CESG]] System Evaluation (SYSn) and Fast Track Approach (FTA) schemes for assurance of government systems rather than generic products and services, which have now been merged into the CESG Tailored Assurance Service (CTAS) <ref>[http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=3&displayPage=3 Infosec Assurance and Certification Services (IACS)] {{webarchive |url=https://web.archive.org/web/20080220132906/http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=3&displayPage=3 |date=February 20, 2008}}</ref>
* The [[CCT Mark|CESG Claims Tested Mark]] (CCT Mark), which is aimed at handling less exhaustive assurance requirements for products and services in a cost and time efficient manner.

In early 2011, NSA/CSS published a paper by Chris Salter, which proposed a [[Protection Profile]] oriented approach towards evaluation. In this approach, communities of interest form around technology types which in turn develop protection profiles that define the evaluation methodology for the technology type.<ref>{{cite web |url=http://www.niap-ccevs.org/cc_docs/CC_Community_Paper_10_Jan_2011.pdf |last=Salter |first=Chris |date=2011-01-10 |title=Common Criteria Reforms: Better Security Products Through Increased Cooperation with Industry |archive-url=https://web.archive.org/web/20120417104556/http://www.niap-ccevs.org/cc_docs/CC_Community_Paper_10_Jan_2011.pdf |archive-date=April 17, 2012 |url-status=dead}}</ref> The objective is a more robust evaluation. There is some concern that this may have a negative impact on [[#Mutual recognition arrangement|mutual recognition]].<ref>{{cite web |url=http://community.ca.com/blogs/iam/archive/2011/03/11/common-criteria-reforms-sink-or-swim-how-should-industry-handle-the-revolution-brewing-with-common-criteria.aspx |archive-url=https://archive.today/20120529205154/http://community.ca.com/blogs/iam/archive/2011/03/11/common-criteria-reforms-sink-or-swim-how-should-industry-handle-the-revolution-brewing-with-common-criteria.aspx |url-status=dead |archive-date=2012-05-29 |title=Common Criteria "Reforms"—Sink or Swim-- How should Industry Handle the Revolution Brewing with Common Criteria? |last=Brickman |first=Joshua |date=2011-03-11}}</ref>

In Sept of 2012, the Common Criteria published a Vision Statement<ref>{{cite web |url=https://commoncriteriaportal.org/files/ccfiles/VisionStatementAnnouncementv3.docx |format=DOCX |date=2012-09-18 |access-date=2023-12-30 |title=CCRA Management Committee Vision statement for the future direction of the application of the CC and the CCRA}}</ref> implementing to a large extent Chris Salter's thoughts from the previous year.  Key elements of the Vision included:
* Technical Communities will be focused on authoring Protection Profiles (PP) that support their goal of reasonable, comparable, reproducible and cost-effective evaluation results
* Evaluations should be done against these PP's if possible; if not mutual recognition of Security Target evaluations would be limited to EAL2.