| In order to be responsive to the need for mutual recognition of standardized security evaluation results in a global IT market, the International Organization for Standardization (ISO) began to develop an international standard evaluation criteria for general use at 1990. The new criteria was Common Criteria (CC), and ISO issued CC as an International Standard (ISO/IEC 15408) in 1999.This multipart standard ISO/IEC 15408 defines criteria to be used as the basis for evaluation of security properties of IT products and systems. By establishing such a common criteria base, the results of an IT security evaluation will be meaningful to a wider audience. We will study the CC and it's applications in this dissertation, and we will study the relationship between the CC and other important information security standards such as BS7799, SSE-CMM etc.Though the CC structure has opening, internal completeness and practicability advantage, the "specialization level" of the security functional components is too low to use. This article contains a formal analysis of the CC security functional components to evaluate the "specialization level" of the components and a few reform derived from the results of the analysis.We also studied the complementary relationship between the CC and other important information security standards in this article through studied the information assurance architecture and the complex of the information system security.At the end of this article, we discussed the two main applications of the CC: the guides for develop the information security product standards and evaluate the IT security.
|
PDF Full Text Request