ISO/IEC. Third edition. Information technology — Security techniques — Evaluation criteria for IT security —. Part 2: Security functional. ISO/IEC (E). The Common Criteria for Information Technology Security Evaluation is an international standard (ISO/IEC ) for computer security certification.
|Published (Last):||15 August 2012|
This will be achieved through technical working groups developing worldwide PPs, and as yet a transition period has not been fully determined. Thus they should only be considered secure in the assumed, specified circumstances, also known as the evaluated configuration. Common Criteria is very generic; it does not directly provide a list of product security requirements or features for specific classes of products. The United States currently only allows PP-based evaluations.
Objections outlined in the article include: Various Microsoft Windows versions, including Windows Server and Windows XP, have been certified, but security patches to address security vulnerabilities are still getting published by Microsoft for these Windows systems. Vendors can then implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. Wheeler suggested that the Common Criteria discriminates against free and open-source software (FOSS)-centric organizations and development models.
In Sept ofthe Common Criteria published a Vision Statement implementing to a large extent Chris Salter’s thoughts from the previous year.
Evaluations at EAL5 and above tend to involve the security requirements of the host nation’s government. The compliance with ISO is typically demonstrated to a National approval authority: In a research paper, computer specialist David A. This shows both the limitation and strength of an evaluated configuration. Further, this vision indicates a move away from assurance levels altogether and evaluations will be confined to conformance with Protection Profiles that have no stated assurance level.
Canada is in the process of phasing out EAL-based evaluations. There is some concern that this may have a negative impact on mutual recognition. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use.
The UK has also produced a number of alternative schemes when the timescales, costs and overheads of mutual recognition have been found to be impeding the operation of the market:
Whether you run Microsoft Windows in the precise evaluated configuration or not, you should apply Microsoft’s security patches for the vulnerabilities in Windows as they continue to appear. As well as the Common Criteria standard, there is also a sub-treaty level Common Criteria MRA (Mutual Recognition Arrangement), whereby each party thereto recognizes evaluations against the Common Criteria standard done by other parties.
It is currently in version 3. Evaluation activities are therefore only performed to a certain depth, use of time, and resources and offer reasonable assurance for the intended environment.
Common Criteria certification cannot guarantee security, but it can ensure that claims about the security attributes of the evaluated product were independently verified. Failure by the vendor to take either of these steps would result in involuntary withdrawal of the product’s certification by the certification body of the country in which the product was evaluated.
Standard ISO/IEC , CC v Release 4
There are no security requirements that address the need to trust external systems or the communications links to such systems. The evaluation process also tries to establish the level of confidence that may be placed in the product’s security features through quality assurance processes: Characteristics of these organizations were examined and presented at ICCC