ISSA Common Criteria Article
There is a good article on the Common Criteria in the Information Systems Security Association’s (ISSA) monthly newsletter. Here is the link, but it is restricted to members.
Here are a few good quotes:
“Common Criteria … provides a mechanism for evaluating and certifying IT security products, as opposed to sites.”
“Common Criteria has a built-in mechanism that enables customer groups to define their own requirements by packaging the pre-defined Common Criteria requirements in the form of Protection Profiles”
“Evaluation Assurance Level (EAL) refers to the level of confidence in the conclusions of the evaluation, and not to the level of security the product provides. In other words, you can have more confidence that an EAL4 product performs as advertised than an EAL2 product, because an EAL4 evaluation examines more aspects of product development (including testing) at a greater level of detail than does the EAL2 evaluation.”
If you are an ISSA member and want to understand the basics of Common Criteria, this is worth the read.
Author: Dale Peterson
Posted: September 26th, 2005 under PCSRF.