First European Symposium On Research In Computer Security (ESORICS 90)
Harmonised Criteria for the Security Evaluation of IT Systems and Products
P. Casey, A. Brouwer, D. Herson, J.-F. Pacault, F. Taal, U. Van Essen
Keywords :
Abstract : Four Europeans countries have put their requirements and their expertise together and developed a single set of Information Technology Security Criteria (ITSEC), harmonizing the criteria they were previously using. The ITSEC take into account the integrity of data and the availability of data and processes as well as the confidentiality of data; they are intended to be applicable to both systems and products, to government as well as to commercial use. There is a mappability with the TCSEC of US government. The ITSEC make a very clear distinction between, on one hand, the security functions and mechanisms, and on the other hand, the assurance that first these functions are correctly implemented and operated and, second, that they are effective in order to achieve the security objectives. The ITSEC are currently being widely distributed for comments and consultations: such comments are indeed necessary for a new version to be prepared to receive broad acceptance by a wide range of potential users and market sectors.
(Pages 243-249)