By Topic

Building an international security standard

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Caplan, K. ; Comput. Sci. Corp., USA ; Sanders, J.L.

The Common Criteria for Information Technology Security Evaluation standard (CC) promises to replace scattered and often conflicting regional and national security standards. An emerging international standard, it is intended to support developers, evaluators and consumers of security products. The CC provides a framework to rate products by evaluation assurance level (EAL). Each EAL embodies a recommended set of assurance requirements: the higher the EAL, the more secure the product. You can use EALs to pick and choose which assurance requirements you want to satisfy. Think of the EALs as you would think of bandwidth or processor speed. Not everyone in your organization needs a dedicated T3 line or a 450 MHz desktop. Likewise, not every security product you use needs an EAL7 rating. The article shows how you, as a security products consumer, can use the CC to help determine if a given product meets your security needs. By rating different products according to their EALs, the CC can help you comparison shop and select an appropriately secure product. Further, the standard's international scope can help you integrate your system's security components with those in other countries-whether those components belong to customers, vendors, or other divisions of your own enterprise

Published in:

IT Professional  (Volume:1 ,  Issue: 2 )