A Survey of Common Criteria Certification Scheme Cryptographic Algorithm Requirements (R21b)
Common Criteria evaluations require testing of all cryptographic functions claimed in a Security Target but the precise algorithms, key lengths, and amount of testing required may vary from one scheme to another. The Certificate Authorizing members of the CCRA providing specific policy for their cryptographic requirements include Australia, Canada, France, Germany, Malaysia, the Netherlands, Sweden, and the United States.
Some schemes, for example the US, follow CMVP guidelines and NIST standards while others specify their own conditions for approval of cryptographic functionality. This presentation will compare the requirements published by the aforementioned schemes and examine how these differences could affect a CC evaluation.