Systems Engineering & Modeling

CISSP

Common Criteria ISO 15408:

  • A structured methodology for documenting and evaluating security requirements for IT products.
  • Used to validate and certify security products based on their protection profiles and evaluation assurance levels.

Key Concepts:

  1. Evaluation Assurance Levels (EAL):
    • EAL0: Inadequate assurance – No assurance of security.
    • EAL1: Functionally tested – Basic testing of functionality.
    • EAL2: Structurally tested – Testing based on the structure of the product.
    • EAL3: Methodically tested and checked – Methodical testing and checks.
    • EAL4: Methodically designed, tested, and reviewed – Comprehensive design, testing, and review.
    • EAL5: Semi-formally designed and tested – Semi-formal design and testing.
    • EAL6: Semi-formally verified design and tested – Semi-formal verification of design and testing.
    • EAL7: Formally verified design and tested – Formal verification of design and testing.
  2. Target of Evaluation (TOE):
    • The product or system being evaluated for security.
  3. Protection Profile (PP):
    • A set of security requirements for a category of products designed to meet specific consumer security needs.
  4. Security Target (ST):
    • Describes the security properties and requirements of the TOE.
  5. Security Functional Requirements (SFRs):
    • Specific individual security functions that the TOE must perform.

These elements help ensure that security products meet defined standards and requirements, providing a basis for evaluating their effectiveness and reliability.