Security Engineering
common criteria process
prepare security targets or ST
written statement provided by the vendor that describes the security functionality of a particular security product
TOE - Target of evaluation
refers to a product proposed to provide the security solution
create protection profiles or PP
description of a needed security solution
Process creates an EAL or evaluation assurance level
EAL ranges from 1 to 7; 7 is the highest
Package
defined as an intermediate combination of security requirement components.
International Standard 15408
"The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) ... in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles" (source: http://en.wikipedia.org/wiki/Common_Criteria)
Evaluation Models
TCSEC - developed by NCSC - Rainbow series
Category A - verified protection
Category B - mandatory protection
Category C - discretionary protection
Category D - minimal protection
Red Book - Trusted Network Interpretation of the TCSEC