Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] Re: common criteria evalution criteria

from [Doug Landoll] Network Security [Permanent Link]
Subject: [CISSP-D] Re: common criteria evalution criteria
Date: Wed, 25 May 2005 23:01:57 -0000 
I can think of several reasons for this:

1) Products are placed on the Evaluated Products List once they are 
certified by a Common Criteria Testing Lab (CCTL). According to the 
agreement between the member countries - Mutual Recognition 
Agreement (MRA) only products evaluated at Evaluated Assurance Level 
(EAL) 4 and below will be accepted in other member countries. 

2) CCTLs (at least in the US) are only permitted to evaluate 
products at or below EAL4

3) EALs above 4 become very expensive and prohibitively expensive 
for complex systems. You will notice that products evaluated at 
higher assurance levels (5-7) - there are some, are rather simple in 
function such as a one-way diode.

4) Although US procurement guidance requires a minimum of EAL2 for 
all information assurance products and EAL4 is called for in some 
government RFPs, there are few (or no) requests from the market for 
higher assurance level evaluations.

Hope this helps,

Doug Landoll, CISSP, CISA
President, Veridyn Inc.
(512) 310-2228




 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [CISSP-D] Need a already CISSP to endorse my application, Famous
Previous by Thread:  [CISSP-D] common criteria evalution criteria, Nishidhdha
Next by Thread:  [CISSP-D] Re: question on studying, email2mno
Indexes:  [Date] [Thread] [Top] [All Lists]