Picture of Computer Security Handbook, 4th Edition
computersecurityhandbook.com
Home  >  Fourth Edition  >  Chapter 27
 Home
  by Author
  Fourth Edition
    Chapter 1
    Chapter 2
    Chapter 3
    Chapter 4
    Chapter 5
    Chapter 6
    Chapter 7
    Chapter 8
    Chapter 9
    Chapter 10
    Chapter 11
    Chapter 12
    Chapter 13
    Chapter 14
    Chapter 15
    Chapter 16
    Chapter 17
    Chapter 18
    Chapter 19
    Chapter 20
    Chapter 21
    Chapter 22
    Chapter 23
    Chapter 24
    Chapter 25
    Chapter 26
    Chapter 27
    Chapter 28
    Chapter 29
    Chapter 30
    Chapter 31
    Chapter 32
    Chapter 33
    Chapter 34
    Chapter 35
    Chapter 36
    Chapter 37
    Chapter 38
    Chapter 39
    Chapter 40
    Chapter 41
    Chapter 42
    Chapter 43
    Chapter 44
    Chapter 45
    Chapter 46
    Chapter 47
    Chapter 48
    Chapter 49
    Chapter 50
    Chapter 51
    Chapter 52
    Chapter 53
    Chapter 54
  by Section
  Services
  About this site
Chapter 27 –  Standards for Security Products
     Paul J. Brusil, Ph.D
     Noel Zakin

Chapter Contents:

   27.1    Introduction
   27.2    Security Assessment Standards Associated with Security Implementations
   27.2.1    Security Technology and Product Assessment Standards
   27.2.1.1    Security Proof of Concept Keystone (SPOCK)
   27.2.1.2    VPN Consortium
   27.2.2    Standards for Assessing Security Implementers
   27.2.2.1    Capability Maturity Model
   27.2.2.2    Quality (ISO 9000)
   27.2.3    Combined Product and Product Builder Assessment Standards
   272.3.1    Competing National Criteria Standards
   27.2.3.2    Common, Consolidated Criteria standard
   27.3    Establishing Trust in Products and Systems and Managing Risks
   27.3.1    Why Trust and Risk Management Are Important
   27.3.2    Alternatives Methods of Establishing Trust
   27.3.2.1    Nonstandard trust development alternatives
   27.3.2.2    Standard-based trust development alternatives
   27.4    Common Criteria Paradigm
   27.4.2    Details about the Common Criteria Standard
   27.4.2.1    Models for security profiles
   27.4.2.2    Security functional requirements catalog
   27.4.2.3    Security assurance requirements catalog
   27.4.2.4    Comprehensiveness of requirements catalogs
   27.4.3    Using the Common Criteria Standard to Define Security Requirements and Security Solutions
   27.4.3.1    Profiles and their construction
   27.4.3.2    Security targets
   27.4.3.3    PP/ST development tools
   27.4.4    Defining Common Test Methodology
   27.4.4.1    Common Evaluation Methodology
   27.4.4.2    Benefits of the Common Evaluation Methodology
   27.4.5    Mutual Recognition of Testing and National Testing Schemes
   27.4.5.1    Mutual Recognition Arrangement
   27.4.5.2    National schemes
   27.4.6    Common Criteria Evaluation and Validation Scheme of the United States
   27.4.7    Accredited Testing
   27.4.7.1    Testing products and profiles
   27.4.7.2    Accrediting security testing laboratories
   27.4.8    Testing Validation
   27.4.8.1    Validating test results
   27.4.8.2    Operating and maintaining the validation service
   27.4.9    Recognizing Validated Products and Profiles
   27.4.9.1    Issuing Common Criteria certificates
   27.4.9.2    Posting validations
   27.4.10    Summary
   27.5    Notes

Please report problems to the webmaster at: webmaster@removethis.rlgsc.com
copyright 2002-2006, Robert Gezelter, All Rights Reserved