chapter  14
16 Pages

Government-Based Security Standards

Several governments have established their own computer security standards in an attempt to attain a consistently high level of computer security. These standards identify the security criteria that a software or hardware product must follow in order to be considered for use by the various governmental departments. These standards are: the United State's Department of Defense Trusted Computer System Evaluation Criteria (TCSEC), the Communications Security Establishment's Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), and the joint France, Germany, Netherlands, and United Kingdom Information Technology Security Evaluation Criteria (ITSEC). Like the ITSEC rating, the CTCPEC ratings can be mapped to equivalent TCSEC ratings. The Federal Criteria for Information Technology (FC) was created in an attempt to update the TCSEC. The FC addresses its goals with the introduction of a protection profile. The current draft version of the Common Criteria (CC) incorporates many of the design features of the FC and the ITSEC.