American University

An assessment of the role of the common criteria in the international mutual recognition of trusted information system evaluations

thesis
posted on 2023-08-04, 20:02 authored by Lawrence Garland Martin

This research study documents the twelve-year evolution of diverse international criteria for evaluating trusted information systems. The study explains what trusted information systems are, why they are needed, and how their security functionality and assurance are expressed and measured. The research traces the development of the U.S., European, Canadian, and Japanese criteria for evaluating trusted information systems, and addresses the effort to replace the existing U.S. criteria. The study examines the need for mutual recognition of trusted information system evaluations by looking at the evaluation processes and the rating schemes in the U.S., Europe, and Canada. It further discusses the consequences of diverse international criteria and shows how the lack of mutual recognition of evaluations is causing significant problems for those the criteria were initially developed to help, such as computer vendors, allied nations and user organizations, systems integrators, and evaluators. The study looks at the attempts by the North Atlantic Treaty Organization (NATO) and the International Standards Organization (ISO) to harmonize the national and multinational criteria. It also reviews the current international harmonization effort by the Common Criteria Editorial Board (CCEB). The research study demonstrates the thesis that there are three integral parts of the formula to achieve the goal of international mutual recognition of trusted information system evaluations, and that all three parts need to be achieved in parallel.
To that end, this research shows that the joint effort by the governments of the United States and Canada, together with the Commission of the European Communities, to produce a harmonized set of common international criteria for developing and evaluating trusted information systems is necessary but insufficient, because additional international standards for a common evaluation process and for a set of common evaluator qualifications are also needed. (Abstract shortened by UMI.)

History

Publisher

ProQuest

Language

English

Notes

Source: Masters Abstracts International, Volume: 33-03, page: 9260.; Thesis (M.S.)--American University, 1994.

Handle

http://hdl.handle.net/1961/thesesdissertations:5110

Media type

application/pdf

Access statement

Unprocessed
