• DocumentCode
    994062
  • Title

    Developer-focused assurance requirements [Evaluation Assurance Level and Common Criteria for IT system evaluation]

  • Author

    Stoneburner, Gary

  • Author_Institution
    Appl. Phys. Lab., Johns Hopkins Univ., MD, USA
  • Volume
    38
  • Issue
    7
  • fYear
    2005
  • fDate
    7/1/2005 12:00:00 AM
  • Firstpage
    91
  • Lastpage
    93
  • Abstract
    In 1999, the International Organization for Standardization and the International Electrotechnical Commission jointly published the Common Criteria for Information Technology Security Evaluation to provide IT security evaluation guidelines that extend to an international community. The assurance requirements, including prepackaged sets of Evaluation Assurance Levels (EALs) in the Common Criteria (CC), represent the paradigm that assurance equals evaluation, and more evaluation leads to more assurance. This paradigm is at odds with the commercial off-the-shelf (COTS) marketplace, neither reflecting how confidence is typically achieved nor providing a cost-effective means for supplying grounds for confidence in the security capabilities of the information technology being evaluated.
  • Keywords
    formal specification; information technology; quality assurance; security of data; Common Criteria; Evaluation Assurance Level; IT security evaluation guidelines; commercial off-the-shelf marketplace; developer-focused assurance requirements; Computer security; Costs; IEC standards; ISO standards; Information security; Information technology; Laboratories; Performance evaluation; Physics computing; Standards development; IT security; common criteria; evaluation assurance levels; standards;
  • fLanguage
    English
  • Journal_Title
    Computer
  • Publisher
    ieee
  • ISSN
    0018-9162
  • Type

    jour

  • DOI
    10.1109/MC.2005.227
  • Filename
    1463119