Evaluation Methods, Certification, and Accreditation
Evaluation methods and criteria are designed to gauge the real-world security of systems and products. The Trusted Computer System Evaluation Criteria (TCSEC, aka the Orange Book) was the grandparent of evaluation models, developed by the US Department of Defense in the 1980s. Other international models have followed, including ITSEC (the European Information Technology Security Evaluation Criteria) and the Common Criteria.
When choosing security products, how do you know which is best? How can a security professional know that the act of choosing and using a specific vendor’s software will not introduce malicious code? How can a security professional know how well the software was tested and what the results were? TCSEC and ITSEC were previous answers to those questions. The Common Criteria is a more current answer to those questions, so we will focus on it next.
The International Common Criteria
The International Common Criteria is an internationally agreed-upon standard for describing and testing the security of IT products. It is designed to avoid requirements beyond the current state of the art and presents a hierarchy of requirements for a range of classifications and systems. The Common Criteria is the second major international information security criteria effort, following ITSEC. The Common Criteria uses ITSEC terms such as Target of Evaluation and Security Target.
The Common Criteria was developed with the intent to evaluate commercially available as well as government-designed and built information assurance (IA) and IA-enabled IT products. A primary objective of the Common Criteria is to eliminate known vulnerabilities of the target for testing.
Common Criteria Terms
The Common Criteria uses specific terms when defining specific portions of the testing process.
- Target of Evaluation (TOE): the system or product that is being evaluated
- Security Target (ST): the documentation describing the TOE, including the security requirements and operational environment
- Protection Profile (PP): an independent set of security requirements and objectives for a specific category of products or systems, such as firewalls or intrusion detection systems
- Evaluation Assurance Level (EAL): the evaluation score of the tested product or system
Levels of Evaluation
Within the Common Criteria, there are seven EALs; each level builds on the depth of review required by the preceding level [14]. For example, EAL3-rated products can be expected to meet or exceed the requirements of products rated EAL1 or EAL2.
The EAL levels are described in “Common Criteria for Information Technology Security Evaluation, Part 3: Security assurance components” (July 2009, Version 3.1, Revision 3, Final, available at: http://www.commoncriteriaportal.org/files/ccfiles/CCPART3V3.1R3.pdf). The levels are:
- EAL1: Functionally tested
- EAL2: Structurally tested
- EAL3: Methodically tested and checked
- EAL4: Methodically designed, tested, and reviewed
- EAL5: Semi-formally designed and tested
- EAL6: Semi-formally verified, designed, and tested
- EAL7: Formally verified, designed, and tested [14]