IT SECURITY EVALUATION ACCORDING TO HARMONIZED AND APPROVED CRITERIA


1 IT SECURITY EVALUATION ACCORDING TO HARMONIZED AND APPROVED CRITERIA
Roland Mueller TÜViT, Inc. 8716 North Mopac Austin, TX 78731 phone: (512) URL:

2 Presentation Plan
History of Harmonization
Evaluations within QM Scheme
Characteristics of an Evaluation Process
Main Goal of an Evaluation
Types of Evaluations
Scaled Security
Basic Approach
Evaluated IT Components / Systems

3 HISTORY OF HARMONIZATION
Orange Book (TCSEC) 1985
Federal Criteria Draft 1993
Canadian Criteria (CTCPEC) 1993
ITSEC 1991
Common Criteria 1998
ISO/IEC 15408
UK Confidence Levels 1989
German Criteria 1989
French Criteria 1989

4 EVALUATIONS WITHIN THE QM-SCHEME
TGA Certificate
Accreditation Body (EN 45002/3)
Evaluation Body (EN 45001)
Certification Body (EN 45011)
Manufacturer/Product (ISO 9001)

5 CHARACTERISTICS OF AN EVALUATION PROCESS
Impartiality
Repeatability
Objectivity
Reproducibility

6 MAIN GOAL OF AN EVALUATION
CONFIDENCE in implemented Security Measures

7 TYPES OF EVALUATIONS
collaterally
afterwards
Re-Evaluation

8 SCALED SECURITY
Security Functionality: technical security measures designed with a specific security purpose
Assurance Level: confidence in the correctness of the security functionality
Effectiveness Level: confidence in the robustness of the security functionality

9 SECURITY FUNCTIONALITY (I): DEFINITION
Confidentiality
Integrity
Availability

10 SECURITY FUNCTIONALITY (II): PRESENTATION
Generic Headings: I&A, Access Control, Accountability, ...
Functional Requirements (Part II): modular, hierarchical, dependencies
Sources: ITSEC, CC or manufacturer requirements

11 ASSURANCE LEVEL

ITSEC   CC     Description
E6      EAL7   formally verified design and tested
E5      EAL6   semi-formally verified design and tested
E4      EAL5   semi-formally designed and tested
E3      EAL4   methodically designed, tested and reviewed
E2      EAL3   methodically tested and checked
E1      EAL2   structurally tested
-       EAL1   functionally tested

12 EFFECTIVENESS LEVEL
basic: protection against casual breach
medium: protection against straightforward or intentional breach
high: protection against deliberately planned or organized breach

13 BASIC APPROACH
Security Target (Protection Profile)
Installation
Tests
Configuration
Specification
Start Up
Design
Security Analyses
Implementation
Operation
Development Environment
Operational Environment

14 EVALUATED IT COMPONENTS / SYSTEMS
Smart card Operating Systems (E3 - E4, high)
PC Security Products (E1, basic - E3, high)
Smart card Readers (E1 - E2, basic)
Personalization Systems (E2, medium)
Security Modules (E3, high)
Security Controller (Chip-Hardware) (E4, high)
Technical Components According to SigG (E2, high / E4, high)
...
„TÜViT History“
