Re: [IDS] IDS Common Criteria

["Talisker" <talisker () networkintrusion co uk>]

Sadly within the public sector installing an IDS isn't merely a question of
having sufficient resources to achieve the objective, there are also a
plethora of political and accreditation issues to overcome.  CC can help to
surmount many of the bureaucratic mountains that lie in the way.
I don't agree with it, but it's a fact of life,  I can't see another way
until common sense prevails.  Unfortunately public sector and common sense
rarely walk hand in hand.

just my 2c

take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Frederick M Avolio" <fred () avolio com>
To: "Randy Taylor" <gnu () charm net>; <focus-ids () securityfocus com>;
<ids () mailman vet com au>
Sent: Tuesday, January 07, 2003 9:04 PM
Subject: Re: [IDS] IDS Common Criteria


> Sorry, Randy. To be sure. I was responding directly in context.
>
> Andy asked
> > Outside Government and Military circles where I can see Common Criteria
> > Certification being extremely useful,  how valuable is it, ie within the
> > financial sector etc ?
>
> I don't think it is valuable at all. I don't see how it possibly could be
> for government, either. But, to the poor vendor who now has to comply with
> it... yes, it is essential.
>
> Perhaps it stimulates the economy. :-)
>
> Fred
>
>
>   At 03:22 PM 1/7/2003 -0500, Randy Taylor wrote:
> > > Is Common Criteria useful? I don't see how it is.
> > >
> > > Fred
> >
> > If you sell IT security products into the U.S Government, like IDS,
firewalls,
> > or crypto, or a U.S Government purchaser of same, the usefulness of
> > Common Criteria isn't a debatable topic anymore.
> >
> > Best regards,
> >
> > Randy