IDS mailing list archives

RE: IDS Common Criteria


From: Joseph M Hoffman <hoffjose () us ibm com>
Date: Tue, 7 Jan 2003 14:12:27 -0600





FYI,

The CC represents the outcome of a series of efforts to develop criteria
for evaluation of IT security that are broadly useful within the
international community. In the early 1980's the Trusted Computer System
Evaluation Criteria (TCSEC) was developed in the United States. In the
early 1990's Europe developed the Information Technology Security
Evaluation Criteria (ITSEC) built upon the concepts of the TCSEC. In 1990
the Organization for Standardization (ISO) sought to develop a set of
international standard evaluation criteria for general use. The CC project
was started in 1993 in order to bring all these (and other) efforts
together into a single international standard for IT security evaluation.
The new Criteria was to be responsive to the need for mutual recognition
of standardized security evaluation results in a global IT market.


Joseph M. Hoffman,CCSA,CCSE,NSWC,SBFCC,B.A.

 I.B.M. Security & Privacy Services
 t/l 642-6934
816-556-6934
hm 816-228-3275
pcs 816-721-3275
The highest reward for man's toil is not what he gets for it, but what he
becomes by it.
John Ruskin


From:    "Alan Shimel" <alan () latis com>
Date:    01/06/2003 02:53 PM
To:      "Talisker" <talisker () networkintrusion co uk>,
         <focus-ids () securityfocus com>, <ids () mailman vet com au>
cc:
Subject: RE: IDS Common Criteria



Common Criteria is just a criteria that the US govt uses to ensure that
the product does what the producers say.  It is not a test such as NSS,
etc. with a grading; it is just a check off so that govt. folks can buy
the product.  The testing for Common Criteria is done by authorized labs
and can cost upwards of 100k to have done.  It is more a test of
financial resources in getting it done than anything else.  We are
looking at having it done here as well.

alan

Alan Shimel
VP of Sales & Business Development
Latis Networks, Inc.

303-642-4515 Direct
516-857-7409 Mobile
303-642-4501 Fax

www.stillsecure.com
Reducing your risk has never been this easy.

-----Original Message-----
From: Talisker [mailto:talisker () networkintrusion co uk]
Sent: Monday, January 06, 2003 11:14 AM
To: focus-ids () securityfocus com; ids () mailman vet com au
Subject: IDS Common Criteria

Hi all

Sorry about cross posting this on the SF and Australian IDS list

I received a marketing post this morning from Intrusion Inc saying that
their SecureNetPro is the only IDS to have passed Common Criteria
Certification. I was under the impression that another IDS vendor (ISS)
had already achieved similar.  Is there a RealSecure fan out there that
could confirm this?

Outside Government and Military circles, where I can see Common Criteria
Certification being extremely useful, how valuable is it, i.e. within the
financial sector etc.?  More importantly, what are its failings?

take care
-andy
Taliskers Network Security Tools
http://www.networkintrusion.co.uk




