- Target of Evaluation (TOE): In ITSEC, any system undergoing evaluation is referred to as a Target of Evaluation (TOE). The TOE is the specific part of the system being assessed for security effectiveness.
- No Reliance on TCB: Unlike other evaluation frameworks, ITSEC does not depend on the concept of a Trusted Computing Base (TCB). It does not require the system’s security components to be isolated within a TCB, which is a departure from some other security models and criteria.
- Maintenance of TOE: ITSEC includes provisions for maintaining the security assurance of a TOE after changes occur. This means that the system does not necessarily require a new formal evaluation every time a change is made, as long as the changes are covered under the criteria.
These aspects of ITSEC provide flexibility in how systems are evaluated and maintained, making it a useful framework for ongoing security assurance in dynamic environments. Understanding ITSEC is important for evaluating and ensuring the security of IT systems, particularly in contexts where changes are frequent.