Firewall Wizards mailing list archives
Re: Firewalls - ITSEC Rating?
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Thu, 03 Feb 2000 08:30:31 -0500
The ITSEC evaluation says that the product met the requirements documented in its "Security Target" document.
Right, if I understand correctly, it's a lot like those ISO9000 deals - you're evaluated on whether or not you actually do what you claim to do. And, since everyone's claims can be subtly different, in the end the evaluation is useless because a user of the evaluated product has to re-evaluate the product to see if the claims make sense for their purpose. I once thought about trying to get a 10baseT hub ITSEC evaluated as a firewall (albeit a very permissive one) but the mountains of paperwork and the huge amount of time and money necessary are daunting. I'm sure that many on this list will be shocked to hear me say this, but the ICSA firewall product certification is orders of magnitude more valuable to real customers than ITSEC evaluation. mjr.
Current thread:
- Firewalls - ITSEC Rating? Craig Martin (Feb 01)
- Re: Firewalls - ITSEC Rating? Rick Smith (Feb 02)
- Re: Firewalls - ITSEC Rating? Marcus J. Ranum (Feb 03)
- Re: Firewalls - ITSEC Rating? Rick Smith (Feb 04)
- Re: Firewalls - ITSEC Rating? John Alsop (Feb 06)
- Re: Firewalls - ITSEC Rating? Tim . Wundke (Feb 04)
- Re: Firewalls - ITSEC Rating? Marcus J. Ranum (Feb 03)
- Re: Firewalls - ITSEC Rating? Rick Smith (Feb 02)
- Re: Firewalls - ITSEC Rating? Christopher Nicholls (Feb 03)
- <Possible follow-ups>
- Re: Firewalls - ITSEC Rating? Matthew Pemble (Feb 03)
- Re: Firewalls - ITSEC Rating? Paul Emerson (Feb 04)
- RE: Firewalls - ITSEC Rating? Michael . Owen (Feb 14)
- Re: Firewalls - ITSEC Rating? Paul Emerson (Feb 04)
- RE: Firewalls - ITSEC Rating? Lemon, Henry L. (Feb 04)
- Re: Firewalls - ITSEC Rating? Predrag Zivic (Feb 06)
- Re: Firewalls - ITSEC Rating? ark (Feb 07)