| 27.1 | Introduction |
| 27.2 | Security Assessment Standards Associated with Security Implementations |
| 27.2.1 | Security Technology and Product Assessment Standards |
| 27.2.1.1 | Security Proof of Concept Keystone (SPOCK) |
| 27.2.1.2 | VPN Consortium |
| 27.2.2 | Standards for Assessing Security Implementers |
| 27.2.2.1 | Capability Maturity Model |
| 27.2.2.2 | Quality (ISO 9000) |
| 27.2.3 | Combined Product and Product Builder Assessment Standards |
| 27.2.3.1 | Competing National Criteria Standards |
| 27.2.3.2 | Common, Consolidated Criteria standard |
| 27.3 | Establishing Trust in Products and Systems and Managing Risks |
| 27.3.1 | Why Trust and Risk Management Are Important |
| 27.3.2 | Alternative Methods of Establishing Trust |
| 27.3.2.1 | Nonstandard trust development alternatives |
| 27.3.2.2 | Standard-based trust development alternatives |
| 27.4 | Common Criteria Paradigm |
| 27.4.2 | Details about the Common Criteria Standard |
| 27.4.2.1 | Models for security profiles |
| 27.4.2.2 | Security functional requirements catalog |
| 27.4.2.3 | Security assurance requirements catalog |
| 27.4.2.4 | Comprehensiveness of requirements catalogs |
| 27.4.3 | Using the Common Criteria Standard to Define Security Requirements and Security Solutions |
| 27.4.3.1 | Profiles and their construction |
| 27.4.3.2 | Security targets |
| 27.4.3.3 | PP/ST development tools |
| 27.4.4 | Defining Common Test Methodology |
| 27.4.4.1 | Common Evaluation Methodology |
| 27.4.4.2 | Benefits of the Common Evaluation Methodology |
| 27.4.5 | Mutual Recognition of Testing and National Testing Schemes |
| 27.4.5.1 | Mutual Recognition Arrangement |
| 27.4.5.2 | National schemes |
| 27.4.6 | Common Criteria Evaluation and Validation Scheme of the United States |
| 27.4.7 | Accredited Testing |
| 27.4.7.1 | Testing products and profiles |
| 27.4.7.2 | Accrediting security testing laboratories |
| 27.4.8 | Testing Validation |
| 27.4.8.1 | Validating test results |
| 27.4.8.2 | Operating and maintaining the validation service |
| 27.4.9 | Recognizing Validated Products and Profiles |
| 27.4.9.1 | Issuing Common Criteria certificates |
| 27.4.9.2 | Posting validations |
| 27.4.10 | Summary |
| 27.5 | Notes |