CHAPTER 51
SECURITY STANDARDS FOR PRODUCTS
Paul Brusil and Noel Zakin
51.1.2 Purpose of Product Assessment
51.1.4 Classes of Security Standards
51.1.5 Products for Which Standards Apply
51.1.6 Breadth of Product-Oriented Standards
51.2 NONSTANDARD PRODUCT ASSESSMENT ALTERNATIVES
51.2.1 Vendor Self-Declarations
51.2.2 Proprietary In-House Assessments
51.2.3 Consortium-Based Assessment Approaches
51.2.7 Initial Third-Party Commercial Assessment Approaches
51.3 SECURITY ASSESSMENT STANDARDS FOR PRODUCTS
51.4 STANDARDS FOR ASSESSING PRODUCT BUILDERS
51.4.1 Capability Maturity Model
51.5 COMBINED PRODUCT AND PRODUCT BUILDER ASSESSMENT
51.5.1 Competing National Criteria Standards
51.5.2 Emergence of Common Criteria Standard
51.6 COMMON CRITERIA PARADIGM OVERVIEW
51.6.2 Common Criteria Paradigm Process
51.6.3 Standards that Shape the Common Criteria Paradigm
51.7 DETAILS ABOUT THE COMMON CRITERIA STANDARD
51.7.1 Models for Security Profiles
51.7.2 Security Functional Requirements Catalog
51.7.3 Security Assurance Requirements Catalog
51.7.4 Comprehensiveness of Requirements Catalogs
51.8 DEFINE SECURITY REQUIREMENTS AND SECURITY SOLUTIONS
51.8.1 Protection Profile Construction and Contents
51.8.2 Security Target Construction
From Computer Security Handbook, Fifth Edition.