TCSEC, ITSEC and Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) have evolved into one common criteria.
specifies the security requirements and protections of the product to be evaluated.
Organized around TCB entities
Physical and logical controls
Start up and recovery
evaluation of technical and non-technical security features to establish how the design meets the security requirements.
A formal declaration by a Designated Approving Authority (DAA) where a system is approved to operate in a security mode.
Consists of :
- Protection Profile
- EAL rating 1-7
EAL 2 :
EAL 3 :
methodically tested and checked
EAL 4 :
methodically designed, tested and reviewed
EAL 5 :
semifomally designed and tested
EAL 6 :
semi-fomally verified design and tested
EAL 7 :
formally verified design and tested.