IDS mailing list archives
RE: IDS Common Criteria
From: Joseph M Hoffman <hoffjose () us ibm com>
Date: Tue, 7 Jan 2003 14:12:27 -0600
FYI, The CC represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community. In the early 1980's the Trusted Computer System Evaluation Criteria (TCSEC) was developed in the United States. In the early 1990's Europe developed the Information Technology Security Evaluation Criteria (ITSEC) built upon the concepts of the TCSEC. In 1990 the Organization for Standardization (ISO) sought to develop a set of international standard evaluation criteria for general use. The CC project was started in 1993 in order to bring all these (and other) efforts together into a single international standard for IT security evaluation. The new Criteria was to be responsive to the need for mutual recognition of standardized security evaluation results in a global IT market. Joseph M. Hoffman,CCSA,CCSE,NSWC,SBFCC,B.A. I.B.M. Security & Privacy Services t/l 642-6934 816-556-6934 hm 816-228-3275 pcs 816-721-3275 The highest reward for man's toil is not what he gets for it, but what he becomes by it. John Ruskin "Alan Shimel" <alan () latis com> To: "Talisker" <talisker () networkintrusion co uk>, <focus-ids () securityfocus com>, <ids () mailman vet com au> 01/06/2003 02:53 cc: PM Subject: RE: IDS Common Criteria Common Criteria is just a criteria that the us govt uses to insure that the product does what the producers say. It is not a test such as nss, etc. with a grading it is just a check off so that govt. folks can buy the product. The testing for common criteria is done by authorized labs and can cost upwards of 100k to have done. It is more a test of financial resources in getting it done that anything else. We are looking at having it done here as well alan Alan Shimel VP of Sales & Business Development Latis Networks, Inc. 303-642-4515 Direct 516-857-7409 Mobile 303-642-4501 Fax www.stillsecure.com Reducing your risk has never been this easy. . . . The information transmitted is intended only for the person to which it is addressed and may contain confidential material. Review or other use of this information by persons other than the intended recipient is prohibited. If you've received this in error, please contact the sender and delete from any computer. -----Original Message----- From: Talisker [mailto:talisker () networkintrusion co uk] Sent: Monday, January 06, 2003 11:14 AM To: focus-ids () securityfocus com; ids () mailman vet com au Subject: IDS Common Criteria Hi all Sorry about cross posting this on the SF and Australian IDS list I received a marketing post this morning from Intrusion Inc saying that their SecureNetPro is the only IDS to have passed Common Criteria Certification, I was under the impression that another IDS vendor (ISS) had already achieved similar. Is there a RealSecure fan out there that could confirm this ? Outside Government and Military circles where I can see Common Criteria Certification being extremely useful, how valuable is it, ie within the financial sector etc ? More importantly what are it's failings? take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk
Current thread:
- Re: [IDS] IDS Common Criteria, (continued)
- Re: [IDS] IDS Common Criteria Randy Taylor (Jan 07)
- Re: [IDS] IDS Common Criteria Frederick M Avolio (Jan 07)
- Re: [IDS] IDS Common Criteria Randy Taylor (Jan 07)
- Re: [IDS] IDS Common Criteria Talisker (Jan 07)
- Re: [IDS] IDS Common Criteria Randy Taylor (Jan 07)
- RE: [IDS] IDS Common Criteria Greg van der Gaast (Jan 08)
- Re: [IDS] IDS Common Criteria Randy Taylor (Jan 07)