The Common Criteria standard is composed of multiple types of evaluations, each with different characteristics and processing methods. In the following lines, several of these evaluation components will be detailed, offering a good overview of the Common Criteria and its functioning.

The main subject of all of the evaluation components is the target of evaluation (TOE), which represents the computer system, product, or entity upon which the evaluation is carried out. This evaluation can be performed in multiple ways. The main purpose of the evaluation is to validate all claims about the target, especially its security measures, properties and features.

A protection profile (PP) will come in the form of a document that is created either by the individual user or a community. It is the main factor determining the security requirements for any given product, entity or object, that customers may subject to the evaluation process. In other words, the protection profile enables producers and customers to automatically assign their corresponding products to a specific security class, right from the manufacturing process. This way, they can facilitate an efficient security evaluation by subjecting their products directly to the respective security class.

Another important component of the Common Criteria is represented by the Security Target (ST), which represents the document used for identifying the particular security functions that are to be offered by a specific product, entity or object. A well-developed library of functions is employed by the Common Criteria standard when performing such evaluations, in order to increase the efficiency when trying to classify a product into a security function. One must however, note that the security target can vary greatly, even in the same product class. This is due to the fact that identical products can serve multiple security functions, and are not especially dependent on one another, as they are able to work individually.