Part of ISO/IEC 15408 and Common Criteria

A Protection Profile (PP) is a document used as part of the certification process according to ISO/IEC 15408 and the Common Criteria (CC). As the generic form of a Security Target (ST), it is typically created by a user or user community and provides an implementation-independent specification of information assurance security requirements. A PP is a combination of threats, security objectives, assumptions, security functional requirements (SFRs), security assurance requirements (SARs) and rationales.

A PP specifies generic security evaluation criteria to substantiate vendors' claims of a given family of information system products. Among others, it typically specifies the Evaluation Assurance Level (EAL), a number 1 through 7, indicating the depth and rigor of the security evaluation, usually in the form of supporting documentation and testing, that a product meets the security requirements specified in the PP.

The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have agreed to cooperate on the development of validated U.S. government PPs.

Purpose

A PP states a security problem rigorously for a given collection of systems or products, known as the Target of Evaluation (TOE), and specifies security requirements to address that problem without dictating how these requirements will be implemented. A PP may inherit requirements from one or more other PPs.

In order to get a product evaluated and certified according to the CC, the product vendor has to define a Security Target (ST) which may comply with one or more PPs. In this way a PP may serve as a template for the product's ST.

Problem areas

Although the EAL is easiest for laymen to compare, its simplicity is deceptive because this number is rather meaningless without an understanding of the security implications of the PP(s) and ST used for the evaluation. Technically, comparing evaluated products requires assessing both the EAL and the functional requirements. Unfortunately, interpreting the security implications of the PP for the intended application requires very strong IT security expertise. Evaluating a product is one thing, but deciding if some product's CC evaluation is adequate for a particular application is quite another. It is not obvious what trusted agency possesses the depth in IT security expertise needed to evaluate the systems applicability of Common Criteria evaluated products.

The problem of applying evaluations is not new. This problem was addressed decades ago by a massive research project that defined software features that could protect information, evaluated their strength, and mapped security features needed for specific operating environment risks. The results were documented in the Rainbow Series. Rather than separating the EAL and functional requirements, the Orange Book followed a less advanced approach defining functional protection capabilities and appropriate assurance requirements as a single category. Seven such categories were defined in this way. Further, the Yellow Book defined a matrix of security environments and assessed the risk of each. It then established precisely what security environment was valid for each of the Orange Book categories. This approach produced an unambiguous layman's cookbook for how to determine whether a product was usable in a particular application. Loss of this application technology seems to have been an unintended consequence of the superseding of the Orange Book by the Common Criteria.

Security devices with PPs

Validated U.S. government PP
  Anti-Virus (Sunset Date: 2011.06.01)
  Key Recovery
  Certification Authorities
  Tokens
  DBMS
  Firewalls
  Operating System
  IDS/h

Validated non-U.S. government PP
  Smart Cards
  Remote electronic voting systems
  Trusted execution environment

External links

  International Protection Profiles
  NIAP Protection Profiles
  Computer Security Act of 1987