computersecurityhandbook.com
Chapter 27 –  Standards for Security Products
     Paul J. Brusil, Ph.D
     Noel Zakin

Chapter Contents:

   27.1    Introduction
   27.2    Security Assessment Standards Associated with Security Implementations
   27.2.1    Security Technology and Product Assessment Standards
   27.2.1.1    Security Proof of Concept Keystone (SPOCK)
   27.2.1.2    VPN Consortium
   27.2.2    Standards for Assessing Security Implementers
   27.2.2.1    Capability Maturity Model
   27.2.2.2    Quality (ISO 9000)
   27.2.3    Combined Product and Product Builder Assessment Standards
   27.2.3.1    Competing National Criteria Standards
   27.2.3.2    Common, Consolidated Criteria standard
   27.3    Establishing Trust in Products and Systems and Managing Risks
   27.3.1    Why Trust and Risk Management Are Important
   27.3.2    Alternative Methods of Establishing Trust
   27.3.2.1    Nonstandard trust development alternatives
   27.3.2.2    Standard-based trust development alternatives
   27.4    Common Criteria Paradigm
   27.4.2    Details about the Common Criteria Standard
   27.4.2.1    Models for security profiles
   27.4.2.2    Security functional requirements catalog
   27.4.2.3    Security assurance requirements catalog
   27.4.2.4    Comprehensiveness of requirements catalogs
   27.4.3    Using the Common Criteria Standard to Define Security Requirements and Security Solutions
   27.4.3.1    Profiles and their construction
   27.4.3.2    Security targets
   27.4.3.3    PP/ST development tools
   27.4.4    Defining Common Test Methodology
   27.4.4.1    Common Evaluation Methodology
   27.4.4.2    Benefits of the Common Evaluation Methodology
   27.4.5    Mutual Recognition of Testing and National Testing Schemes
   27.4.5.1    Mutual Recognition Arrangement
   27.4.5.2    National schemes
   27.4.6    Common Criteria Evaluation and Validation Scheme of the United States
   27.4.7    Accredited Testing
   27.4.7.1    Testing products and profiles
   27.4.7.2    Accrediting security testing laboratories
   27.4.8    Testing Validation
   27.4.8.1    Validating test results
   27.4.8.2    Operating and maintaining the validation service
   27.4.9    Recognizing Validated Products and Profiles
   27.4.9.1    Issuing Common Criteria certificates
   27.4.9.2    Posting validations
   27.4.10    Summary
   27.5    Notes

copyright 2002-2006, Robert Gezelter, All Rights Reserved