Evaluation Methods, Certification and accreditation
Evaluation methods and criteria are designed to gauge real-world security of systems and products.
The Orange Book
NCSC part of NIST developed the Trusted Computer System Evaluation Criteria (TSEC) AKA the Orange Book. Division D is the lowest form of security and A is the highest. the TSEC divisions (Single letter) and classes (letter and number) are:
- D: Minimal Protection
- C: Discretionary Protection
- C1: Discretionary Security Protection
- C2: Controlled Access Protection
- B: Mandatory Protection
- B1: Labeled Security Protection
- B2: Structured Protection
- B3: Security Domains
- A: Verified Protection
- A1: Verified Design
The Orange book is part of the rainbow series of NCSC publications detailing security standards for various communication systems.
TNI/Redbook
Trusted Network Interpretation (TNI) brings TCSEC concepts to network systems.
ITSEC
European Information Technology Security Evaluation Criteria (ITSEC). It refers to the TCSEC Orange book levels separating functionality from assurance. There are two types of assuranceL effectiveness (Q) and Correctness (E). Assurance ratings range from E0 (inadequate) to E6 (formal model of security policy); Functionality ratings range include TCSEC equivalent ratings (F-C1, F-C2 etc.). The equivalent ITSEC/TCSEC ratings are:
- E0: D
- F-C1,E1: C1
- F-C2,E2: C2
- F-B1,E3: B1
- F-B2,E4: B2
- F-B3,E5: B3
- F-B3,E6: A1
Additional functionality ratings include:
- F-IN: High Integrity requirements
- AV: High Availability requirements
- DI: High Integrity requirements for networks
- DC: High Confidentiality requirements for networks
- DX: High Integrity and confidentiality requirements for networks
The International Common Criteria
An internationally agreed upon standard for describing and testing the security of IT products, developed with the intent to evaluate commercially available as well as government-designed and built IA and IA-enabled IT products. The primary objective is to eliminate known vulnerabilities of a target for testing.
Common Criteria Terms
- Target of Evaluation (ToE): the system or product that is being evaluated
- Security Target (ST): the documentation describing the TOE, including the security requirements and operational environment
- Protection Profile (PP): an independent set of security requirements and objectives for a specific category of products or systems, such as firewalls or intrusion detection systems
- Evaluation Assurance Level (EAL): the evaluation score of the tested product or system
Levels of Evaluation
There are seven EALs; each builds on the level of in depth review of the preceding level. Ex. EAL3 is expected to meet or exceed requirements rated for EAL1 and EAL2.
- EAL1: Functionality Tested
- EAL2: Structurally Tested
- EAL3: Methodically Testing and checked
- EAL4: Methodically designed, tested and reviewed
- EAL5: Semi-formally designed and tested
- EAL6: Semi-formally verified, designed and tested
- EAL7: Formally verified, designed and tested
