Mutual Recognition Agreement Of Information Technology Security Evaluation Certificates

The UK also put in place a number of alternative systems when it was found that the time, costs and overheads of mutual recognition hamper the functioning of the market.

“All other systems with which the EU communicates are considered to be subject to the same management control and operate under the same security policy restrictions. The TOE applies to connected or distributed environments only if the entire network operates within the same boundaries and is in a single administrative domain. There are no security requirements that address the need to trust external systems or communications with those systems.” This assumption is included in the Controlled Access Protection Profile (CAPP), to which the products adhere. The claimed security features of Windows products are evaluated on the basis of this and other assumptions, which may not be realistic for the common use of general-purpose operating systems. Therefore, they should be considered secure only in the specified circumstances, also known as the evaluated configuration.

Several versions of Microsoft Windows, including Windows Server 2003 and Windows XP, have been certified, but Microsoft still releases security patches to fix vulnerabilities in these Windows systems. This is possible because the process of obtaining a Common Criteria certification allows a vendor to limit the analysis to certain security features and to make certain assumptions about the operating environment and the strength of the threats to which the product is exposed in that environment. In addition, the CC recognizes the need to limit the scope of the assessment in order to provide inexpensive and useful security certifications, so that evaluated products are examined to a level of detail determined by the assurance level or PP. Evaluation activities are therefore conducted only up to a certain depth and use of time and resources, and provide adequate security for the intended environment.

In August 2007, William Jackson, a columnist for the Government Computing News (GCN), critically examined the Common Criteria methodology and its implementation in the United States through the Common Criteria Evaluation and Validation Scheme (CCEVS). [5] For the column, security industry executives, researchers, and representatives of the National Information Assurance Partnership (NIAP) were interviewed.
