ABSTRACT
The Commercial Licensed Evaluation Facilities (CLEF) scheme has been created to support the process of evaluation. Both the CLEF organisations themselves and the staff working within them are individually approved and licensed by the Certification Authority. This chapter discusses the evaluation process and suggests how designing security systems and products with evaluation in mind can lead to successful, time-efficient and cost-effective certification. Evaluation is a highly structured process, and is analogous to system development itself. Independent of the concurrence of the evaluation process it normally comprises the following main stages: establish baseline; produce evaluation work programme; product assessment; penetration testing; evaluate development environment; and assess operational environment. The chapter describes the three approaches to the evaluation process and each of their merits. These approaches are: consecutive evaluation; concurrent evaluation; and semi-concurrent evaluation. Each approach has its own advantages and disadvantages. To date, the majority of evaluations undertaken have been of the Consecutive type.
