Assurance
In information security, the term assurance means the level of trust or the degree of confidence in the satisfaction of security needs. There are many standards and guidelines published by the government and commercial organizations to evaluate the assurance aspects of computer systems.
Common Criteria
Common Criteria (CC) is an assurance framework that is predominantly derived from the following three country specific standards:
Trusted Computer Security Evaluation Criteria (TCSEC)
Information Technology Security Evaluation Criteria (ITSEC)
Canadian Trusted Computer Product Evaluation Criteria (CTCPEC)
CC basically defines a Protection Profile (PP) for computing systems.
The following are some of the concepts pertaining to CC:
Target of Evaluation (TOE) is the target product or system that is to be evaluated.
Security Target (ST) is principally a document that identifies the security properties of the TOE. This document contains Security Functions Requirements (SFR) that may be provided...
