Designed to be used by acquiring organizations, system integrators, manufacturers, and Common Criteria testing/certification labs, the Common Criteria (CC) for IT Security Evaluation is a relatively new international standard. This standard provides a comprehensive methodology for specifying, implementing, and evaluating the security of IT products, systems, and networks. This book explains in detail how and why the CC methodology was developed, describes the CC methodology and how it is used throughout the life of a system, and illustrates how each of the four categories of users should employ the methodology as well as their different roles and responsibilities.

List of Exhibits

xiii

Introduction

1

(4)

Background

1

(1)

Purpose

2

(1)

Scope

2

(1)

Intended Audience

2

(1)

Organization

2

(3)

What Are the Common Criteria?

5

(52)

History

5

(5)

Purpose and Intended Use

10

(2)

Major Components of the Methodology and How They Work

12

(21)

The CC

12

(20)

The CEM

32

(1)

Relationship to Other Standards

33

(11)

CC User Community and Stakeholders

44

(3)

Future of the CC

47

(7)

Summary

54

(2)

Discussion Problems

56

(1)

Specifying Security Requirements: The Protection Profile

57

(68)

Purpose

57

(3)

Structure

60

(2)

Section 1: Introduction

62

(5)

PP Identification

63

(1)

PP Overview

63

(4)

Section 2: TOE Description

67

(6)

General Functionality

67

(3)

TOE Boundaries

70

(3)

Section 3: TOE Security Environment

73

(6)

Assumptions

73

(1)

Threats

74

(2)

Organizational Security Policies

76

(3)

Section 4: Security Objectives

79

(7)

Section 5: Security Requirements

86

(32)

Security Functional Requirements (SFRs)

89

(16)

Security Assurance Requirements (SARs)

105

(8)

Security Requirements for the IT Environment

113

(4)

Security Requirements for the Non-IT Environment

117

(1)

Section 6: PP Application Notes

118

(1)

Section 7: Rationale

118

(3)

Security Objectives Rationale

119

(1)

Security Requirements Rationale

120

(1)

Summary

121

(2)

Discussion Problems

123

(2)

Designing a Security Architecture: The Security Target

125

(50)

Purpose

125

(2)

Structure

127

(4)

Section 1: Introduction

131

(2)

ST Identification

131

(1)

ST Overview

132

(1)

Section 2: TOE Description

133

(3)

System Type

134

(1)

Architecture

134

(1)

Security Boundaries

135

(1)

Section 3: Security Environment

136

(3)

Assumptions

136

(2)

Threats

138

(1)

Organizational Security Policies

139

(1)

Section 4: Security Objectives

139

(3)

Section 5: Security Requirements

142

(8)

Security Functional Requirements (SFRs)

142

(5)

Security Assurance Requirements (SARs)

147

(1)

Security Requirements for the IT Environment

147

(2)

Security Requirements for the Non-IT Environment

149

(1)

Section 6: Summary Specification

150

(6)

TOE Security Functions

150

(5)

Security Assurance Measures

155

(1)

Section 7: PP Claims

156

(2)

PP Reference

156

(2)

PP Tailoring

158

(1)

PP Additions

158

(1)

Section 8: Rationale

158

(12)

Security Objectives Rationale

160

(1)

Security Requirements Rationale

160

(7)

TOE Summary Specification Rationale

167

(2)

PP Claims Rationale

169

(1)

Summary

170

(3)

Discussion Problems

173

(2)

Verifying a Security Solution: Security Assurance Activities

175

(60)

Purpose

175

(3)

ISO/IEC 15408-3

178

(31)

EALs

179

(21)

PP Evaluation

200

(2)

ST Evaluation

202

(2)

TOE Evaluation

204

(2)

Maintenance of Assurance Evaluation

206

(3)

Common Evaluation Methodology (CEM)

209

(8)

National Evaluation Schemes

217

(8)

Interpretation of Results

225

(3)

Relation to Security Certification and Accreditation Activities (C&A)

228

(4)

Summary

232

(1)

Discussion Problems

233

(2)

Postscript

235

(4)

ASE: Security Target Evaluation

235

(1)

AVA: Vulnerability Analysis and Penetration Testing

236

(1)

Services Contracts

237

(1)

Schedules for New CC Standards (ISO/IEC and CCIMB)

237

(2)

Annex A: Glossary of Acronyms and Terms

239

(14)

Annex B: Additional Resources

253

(8)

Standards, Regulations, and Policy

253

(4)

Historical

253

(1)

Current

254

(3)

Publications

257

(1)

Online Resources

258

(3)

Annex C: Common Criteria Recognition Agreement (CCRA) Participants

261

(6)

Australia and New Zealand

262

(1)

Canada

262

(1)

Finland

262

(1)

France

263

(1)

Germany

263

(1)

Greece

263

(1)

Israel

263

(1)

Italy

264

(1)

The Netherlands

264

(1)

Norway

264

(1)

Spain

264

(1)

Sweden

265

(1)

United Kingdom

265

(1)

United States

265

(2)

Annex D: Accredited Common Criteria Testing Labs

267

(8)

Australia and New Zealand

267

(1)

Canada

268

(1)

France

269

(1)

Germany

270

(1)

United Kingdom

271

(2)

United States

273

(2)

Annex E: Accredited Cryptographic Module Testing Laboratories

275

(4)

Canada

275

(1)

United States

276

(3)

Annex F: Glossary of Classes and Families

279

(4)

Index

283

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.