Common Criteria is an internationally recognized standard and an ISO standard (ISO/IEC 15408/18045) for evaluating the security claims of IT products. With a Common Criteria certification, the claims made about the security attributes of the evaluated product are independently verified. This standard provides a clear chain of evidence proving that the specification, implementation, and evaluation of a solution have been conducted in a rigorous and standard manner by an independent evaluation laboratory.
Zoom’s Common Criteria Certification
The Zoom client (v5.6.6) for Windows, macOS, Android, and iOS is currently certified to Common Criteria (v3.1 rev 5). The certificate is issued by the German Federal Office for Information Security (BSI). The scope of the Security Target includes the main functionality of Zoom Meetings and Zoom Team Chat, which is maintained on a regular basis. Users are encouraged to use the latest available (non-certified) version of the Zoom client to take advantage of the Zoom client’s latest security updates and features.
– Certificate – Certificate issued by BSI
– Security Target – describes the product version(s) in scope and the security functionality of the product
– Guidance Document – provides guidance on securely configuring the product to match the evaluated configuration
– Certification Report – documents the results of the evaluation