Common Criteria?

Robert Watson rwatson at FreeBSD.org
Tue Apr 18 04:21:03 GMT 2000 

For those interested who would like a reference for the common criteria,
try the following URL: 

  http://cs-www.ncsl.nist.gov/cc/ccv20/ccv2list.htm

The ISO Information Technology Taskforce home page is at:

  http://isotc.iso.ch/livelink/livelink/fetch/2000/2489/Ittf_Home/ITTF.htm

The quick answer is that the B1 feature set is targetted as it covers
relatively concisely the set of features currently under development (a
sort of cyclic arrangement).

I have been reviewing the CC requirements for the past couple of weeks but
find that they are fairly broad and provide a lot less direction than the
original evaluation criterion.  I have been doing some work to try and
classify the current design/implementation goals in the vocabulary of the
CC, but the CC is fairly heavy-going on the acronym/terminology side :-). 

That said, I agree the reclassifying the goals of the project in the CC
vocabulary and scope may make sense--the CC certainly goes into more
detail as to teh requirements and covers a wider range of security
features (many introduced after the release of the Orange Book).  As you
appear to have a stronger working experience with the CC requirements,
would you be interested in helping to congeal the vast CC documentation
into a more concise and useful format for discussion in the context of a
single-host operating system, or for loose clustering based on network
file systems such as NFS and AFS? 

I know of other active projects aspiring to the Orange Book evaluation
criteria, and was wondering if you could comment further on why they are
still doing so in light of your claim that only the CC makes sense at this
point?  Given that currently the TrustedBSD project does not have much in
the way of funding and support, evaluation is not being planned for,
although it is being designed and documented with that in mind.  Now would
be the time to retarget evaluation criteria, if necessary.

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services



To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list