At present, no internationally accepted standards for evaluating and comparing the security capabilities of IT systems and products exist. Within the European Community, four nations (France, Germany, the Netherlands, and the United Kingdom) have been working together to harmonize and extend their national initiatives in this field, culminating in the production and distribution for international review of the draft Information Technology Security Evaluation Criteria (ITSEC), a set of criteria for the security evaluation of IT systems and products. Details of the ITSEC criteria are described for the benefit of those with an interest in IT security who seek international standardization and support the production and assessment of open systems.<>