Using the Common Criteria for IT Security Evaluation


Document information

  • [...]... (1999-12-01), Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements
  • ISO/IEC 15408-3 (1999-12-01), Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements

Parallel to this effort was the development and release of the Common Evaluation Methodology, referred to as the CEM...

... Step 2
  • Exhibit 16 Sample Organizational Security Policies
  • Exhibit 17 Chronology of Threat Control Measures
  • Exhibit 18 Priorities for Preventing Security Vulnerabilities
  • Exhibit 19 Sample Security Objectives for TOE
  • Exhibit 20 Sample Security Objectives for the Environment
  • Exhibit 21 Selection of Security Functional Requirements
  • Exhibit 22 Security Functional Requirements (SFRs) Mapped to Security Objectives...

...
  • Exhibit 5 Relationship between an ST and a PP for a Composite TOE
  • Exhibit 6 ST Identification Examples
  • Exhibit 7 ST System Type
  • Exhibit 8 ST Architecture Example
  • Exhibit 9 TOE Security Boundary Definitions
  • Exhibit 10 ST Assumptions
  • Exhibit 11 ST Threat Identification...

... Communities published the Information Technology Security Evaluation Criteria (ITSEC) in June 1991. OECD released Guidelines for the Security of Information Systems in November 1992. The Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) came two months later, in January 1993. These were followed by the ECMA Technical Report on the Secure Information Processing versus the Concept of Product Evaluation...

...
  • ... of the TCSEC, National Computer Security Center
  • JTC1 SC27 WG3 formed
  • UKSP01, U.K. IT Security Evaluation Scheme: Description of the Scheme, Communications-Electronics Security Group
  • NCSC-TG-021, v1.0, Trusted DBMS Interpretation of the TCSEC, National Computer Security Center
  • Information Technology Security Evaluation Criteria (ITSEC), v1.2, Office for Official Publications of the European Communities...

...
  • ... it is transferred within a TOE
  • FDP_ITT.1
  • Basic data authentication
  • Data authentication with identity of guarantor
  • Export of user data without security attributes
  • Export of user data with security attributes
  • Subset information flow control
  • Complete information flow control
  • Simple security attributes
  • Hierarchical security attributes
  • Limited illicit information flows
  • Partial elimination of illicit information...

...
  • CEM-99/045, Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology, v1.0
  • ISO/IEC 15408, Information technology — Security Techniques — Evaluation Criteria for IT Security, Parts 1–3 released
  • Respond to Requests for Interpretations, issue final interpretations, incorporate final interpretations
  • Common Criteria Recognition Agreement signed
  • CEM-2001/0015, Common Methodology...

...
  • Guidelines for the Security of Information Systems, Organization for Economic Cooperation and Development
  • Federal Criteria for Information Technology Security, v1.0, Vols I and II
  • The Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), Canadian System Security Centre, Communications Security Establishment, v3.0e
  • CC Editing Board established
  • Secure Information Processing Versus the Concept...

... 15408, Parts 1–3 (Criteria for IT Security Evaluation), was approved as an international standard. The Common Criteria (CC) are considered the international standard for information technology (IT) security and provide a complete methodology, notation, and syntax for specifying security requirements, designing a security architecture, and verifying the security integrity of an “as built” product, system,...

... Norway, Spain, Sweden, the United Kingdom, and the United States.

© 2003 CRC Press LLC

1.1 Purpose

This book is a user’s guide for the Criteria for IT Security Evaluation. It explains in detail how to understand, interpret, apply, and employ the Common Criteria methodology throughout the life of a system, including the acquisition and certification and accreditation (C&A) processes.

1.2 Scope

This book is limited to...

Date posted: 03/06/2014, 01:30


Table of contents


  • USING the COMMON CRITERIA for IT SECURITY EVALUATION

    • Dedication

    • Other Books by the Author

    • Table of Contents

      • List of Exhibits

      • Chapter 1: Introduction

        • 1.0 Background

        • 1.1 Purpose

        • 1.2 Scope

        • 1.3 Intended Audience

        • 1.4 Organization

      • Chapter 2: What Are the Common Criteria?

        • 2.0 History

        • 2.1 Purpose and Intended Use

        • 2.2 Major Components of the Methodology and How They Work

          • 2.2.1 The CC

          • 2.2.2 The CEM

        • 2.3 Relationship to Other Standards

        • 2.4 CC User Community and Stakeholders

        • 2.5 Future of the CC

        • 2.6 Summary

        • 2.7 Discussion Problems

      • Chapter 3: Specifying Security Requirements: The Protection Profile

        • 3.0 Purpose

        • 3.1 Structure
