Key elements of the Vision included: Common Criteria certification is sometimes specified for IT procurement. The set of SARs could be. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use. One can also “overachieve” the EAL level.
Approach 3 is used in the protection profile you refer to. This will be achieved through technical working groups developing worldwide PPs, and as yet a transition period has not been fully determined.
Thanks a lot for your answers. This is possible because the process of obtaining a Common Criteria certification allows a vendor to restrict the analysis to certain security features and to make assumptions about the operating environment and the strength of threats faced by the product in that environment.
More recently, PP authors are including cryptographic requirements for CC evaluations that would typically be covered by FIPS 140-2 evaluations, broadening the bounds of the CC through scheme-specific interpretations. The UK has also produced a number of alternative schemes when the timescales, costs and overheads of mutual recognition have been found to be impeding the operation of the market: If any of these security vulnerabilities are exploitable in the product’s evaluated configuration, the product’s Common Criteria certification should be voluntarily withdrawn by the vendor.
Common Criteria is very generic; it does not directly provide a list of product security requirements or features for specific classes of products: Security assurance requirements Source reference: Suppose you are writing a security target or protection profile targeting EAL4.
Although some have argued that both paradigms do not align well, others have attempted to reconcile both paradigms. Some national evaluation schemes are phasing out EAL-based evaluations and only accept products for evaluation that claim strict conformance with an approved PP.
The evaluator has to also do things, like for example: In a research paper, computer specialist David A. Various Windows versions, including Windows Server and Windows XP, have been certified, but security patches to address security vulnerabilities are still getting published by Microsoft for these Windows systems.
Common Criteria – Wikipedia
If you take a look at the table you mentioned in your first question and the list of SARs in the protection profile, you can see that not all SARs that are needed for EAL1 are included. Based on this and other assumptions, which may not be realistic for the common use of general-purpose operating systems, the claimed security functions of the Windows products are evaluated. There are no security requirements that address the need to trust external systems or the links to such systems.
A protection profile is a description of the target of evaluation together with a fixed combination of SARs and SFRs, where all dependencies among these are met. In this approach, communities of interest form around technology types which in turn develop protection profiles that define the evaluation methodology for the technology type.
Introduction and general model Part 2: Other standards containing, e.