Developer-focused assurance requirements [Evaluation Assurance Level and Common Criteria for IT system evaluation]

1 Author(s)
Stoneburner, G. ; Appl. Phys. Lab., Johns Hopkins Univ., MD, USA

In 1999, the International Organization for Standardization and the International Electrotechnical Commission jointly published the Common Criteria for Information Technology Security Evaluation to provide IT security evaluation guidelines that extend to an international community. The assurance requirements, including prepackaged sets of Evaluation Assurance Levels (EALs) in the Common Criteria (CC), represent the paradigm that assurance equals evaluation, and more evaluation leads to more assurance. This paradigm is at odds with the commercial off-the-shelf (COTS) marketplace, neither reflecting how confidence is typically achieved nor providing a cost-effective means for supplying grounds for confidence in the security capabilities of the information technology being evaluated.

Published in: Computer (Volume: 38, Issue: 7)