Evaluation criteria for IT security

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 741)

Abstract

After an Introduction, which gives an outline of the paper's scope, the first main section considers the History of the development of the various criteria. This leads to a discussion of the Aims and Purposes of the various authors and sponsors in the main thrust of each of these documents; it is interesting and relevant to know what the authors thought they were doing. Clearly some of the criteria were written with very limited scope in view, while others had wider briefs. With an understanding of the aims and purposes of the criteria and their authors and sponsors, it is possible to assess the level of Achievement in the various programs; we can ask to what extent they fulfilled the purposes. One of the most interesting aspects of systems security is the balance between the needs of the various sectors; the traditional dichotomy of Civil versus Military is very pronounced in this field. A final section looks at the Prospects for the Future, both in terms of the standards-making bodies and in terms of user needs.

References

  1. David Bell and L. J. La Padula: Secure Computer System: Unified Exposition and MULTICS Interpretation. USA 1975, Mitre Report ESD-TR-75-306.

  2. K. J. Biba: Integrity Considerations for Secure Computer Systems. USA 1977, Mitre Report ESD-TR-76-372.

  3. D. D. Clark and D. R. Wilson: A Comparison of Military and Commercial Security Policies. Proceedings of the 1987 IEEE Symposium on Security and Privacy.

  4. Communication-Electronics Security Group: UK Systems Security Confidence Levels. CESG Memorandum No. 3. United Kingdom, February 1989.

  5. Department of Trade and Industry Commercial Computer Security Centre: Overview of Documentation (V01). Great Britain, February 1989 (DRAFT only). Glossary (V02). Great Britain, February 1989 (DRAFT only). Users' Code of Practice (V11). Great Britain, November 1989 (DRAFT only). Security Functionality Manual (V21). Great Britain, February 1989 (DRAFT only). Evaluation Levels Manual (V22). Great Britain, February 1989 (DRAFT only). Evaluation and Certification Manual (V23). Great Britain, February 1989 (DRAFT only). Vendors' Code of Practice (V31). Great Britain, November 1989 (DRAFT only). Colloquially known as the Green Books.

  6. Service Central de la Sécurité des Systèmes d'Information: Critères Destinés à Évaluer le Degré de Confiance des Systèmes d'Information. 692/SGDN/DISSI/SCSSI. France, July 1989.

  7. Der Bundesminister des Innern: Information Technology Security Evaluation Criteria (Harmonised Criteria of France — Germany — the Netherlands — the United Kingdom). Federal Republic of Germany, Version 1.1, January 1991.

  8. D. W. Roberts: Computer Security: Policy, Planning and Practice. ISBN 0-86353-180-6. NCC Blackwell, United Kingdom, January 1990.

  9. Department of Defense: Trusted Computer Systems Evaluation Criteria. DOD 5200.28-STD. United States of America, December 1985. Colloquially known as the Orange Book.

  10. Zentralstelle für Sicherheit in der Informationstechnik: Criteria for the Evaluation of Trustworthiness of Information Technology (IT) Systems. ISBN 3-88784-200-6. Federal Republic of Germany, January 1989. Also sometimes colloquially known as the Green Book.

Editor information

Bart Preneel, René Govaerts, Joos Vandewalle

Copyright information

© 1993 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Roberts, D.W. (1993). Evaluation criteria for IT security. In: Preneel, B., Govaerts, R., Vandewalle, J. (eds) Computer Security and Industrial Cryptography. Lecture Notes in Computer Science, vol 741. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-57341-0_59

  • DOI: https://doi.org/10.1007/3-540-57341-0_59

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-57341-8

  • Online ISBN: 978-3-540-48074-7

  • eBook Packages: Springer Book Archive
