|
Users of secure systems need some kind of assurance that the products they use provide adequate security. They could:
- Rely on the word of the manufacturer/service provider.
- Test the system themselves.
- Rely on an impartial assessment by an independent body (evaluation).
The Trusted Computer Security Evaluation Criteria (TCSEC, Orange Book) were the first evaluation criteria to gain wide acceptance. A number of other criteria have since been developed to improve on the Orange Book and to unify different criteria which have arisen. These are:
- Information Technology Security Evaluation (ITSEC)
- Canadian Trusted Computer Product Evaluation Criteria
- Federal Criteria
- Common Criteria
|
