IT security criteria

Because the economy and public administration depend increasingly on the proper functioning and unrestricted availability of information technology systems, the confidentiality, integrity and availability of data (IT security) are becoming ever more important.

In order to ensure secure handling of data and information-processing systems, it is necessary to develop and comply with security standards appropriate to the respective risk situation. Criteria for testing and evaluating IT security serve as a uniform standard for assessing the security of information technology systems.

Under the BSI Establishment Act (BSIG of 17/12/1990), the development of IT security criteria is one of the statutory tasks of the Federal Office for Information Security (BSI). For this reason, the BSI has for many years participated in international working groups on the establishment of IT security criteria.

History of the development of IT security criteria:

1983 Trusted Computer System Evaluation Criteria (Orange Book) -- TCSEC

1989 German IT Security Criteria (ITS)

1991 Information Technology Security Evaluation Criteria ITSEC and ITSEM

1998/99 Common Criteria Version 2.0 and CEM Part 2: Evaluation Methodology, Version 1.0

2005 Common Criteria Version 2.3 and Evaluation Methodology CEM Version 2.3

2006 Common Criteria Version 3.1 and Evaluation Methodology CEM Version 3.1

In developing security criteria, the objective is to:

  • provide a guideline for the development of secure and trustworthy systems,
  • enable an objective evaluation of these systems by a neutral and competent body (as opposed to a manufacturer's declaration), and
  • support the users/operators in the selection of a suitable IT security product.