Purpose of Evaluation
Method of Evaluation
Trusted Execution Environment
Protection Profile
Security Target
Functionality
ITSEC
EAL 1
Cryptographic Modules, Security Levels
Common Criteria
TCSEC
Evaluation Assurance Level (EAL)
EAL 7
Assurance
Target of Evaluation
Product/System has the security properties claimed, is suitable for a given application, and is accredited.
An international set of specifications and guidelines designed to evaluate information security products and systems.
An example of Data Protection, Protection Profile.
formally verified, designed and tested.
A reusable set of security requirements.
Software has to meet generic security requirements; OR system meets specific security requirements of a given application.
European security evaluation criteria separating functionality and assurance.
Defines what has to be done in an evaluation.
The security services have been implemented properly so that the user can rely on them.
System provides adequate for meeting a user's concrete security requirements.
Functionally tested.
Implementation-dependent statement of security needs for a specific identified TOE.
Evaluation should not miss problems / different evaluations of the same product should give the same results.
An example of a Trusted Computing Protection Profile.
Security evaluation criteria for US Defense sector.