Common Criteria Meets Realpolitik: Trust, Alliances, and Potential Betrayal
IEEE Security & Privacy (2012)
  • Jan Kallberg, University of Texas at Dallas

The Common Criteria for Information Technology Security Evaluation has the ambition to be a global standard for IT-security certification. The issued certifications are mutually recognized between the signatories of the Common Criteria Recognition Arrangement. The key element in any form of mutual relationship is trust. A question raised in this paper is how far trust in the Common Criteria can be maintained when additional signatories enter whose geopolitical interests conflict with those of earlier signatories. Other issues raised are control over production and the lack of a permanent organization in the Common Criteria, which leads to concerns about the ability to oversee actual compliance. As the Common Criteria is formulated today, it is unlikely that it would survive over time. The reasons why it might fail are the rigid framework; rapid technical development, which makes a security target a moving target and leads to instability and uncertainty; and the increased militarization of cyberspace, moving from information assurance to information operations.

  • common criteria,
  • standards,
  • cyber security,
  • state actor,
  • cyber operations,
  • trust,
  • nation state,
  • coalition,
  • NATO,
  • information security,
  • conflict,
  • war,
  • CCRA
Publication Date
Summer August 1, 2012
Citation Information
Jan Kallberg. "Common Criteria Meets Realpolitik: Trust, Alliances, and Potential Betrayal" IEEE Security & Privacy Vol. 10 Iss. 4 (2012)
Available at: