Security Assurance: Does Anybody Care? - National Institute of PDF

57 Pages·1998·0.47 MB·English

Panel Title: Security Assurance: Does Anybody Care?
Panel Chair: S. Katzke, NIST
Panelists: S. Katzke, NIST; S. Chokhani, Cygnacom Solutions; J. Schindler, Hewlett-Packard; D. Webb, SRI

Session Abstract:

Security Assurance of an IT system is the level of trust one has that the system correctly meets its functional specifications, and does not perform unintended functions that compromise its security. Since current IT systems are extremely complex, distributed, and often not under unitary control, technical methods for assessing the SA of systems are still more art than science. However, methods/approaches do exist for assessing the SA of the IT products/components that are used as building blocks for such systems. While these assessments do not provide the system SA one desires, it is reasonable to assume that SA of the products/components is a necessary condition for assessing the SA of a system. This Forum Session will focus on assessing the SA of IT products/components (hereafter referred to as just "products").

Security Assurance (SA) of an IT product is the level of trust one has that the product (e.g., operating system, firewall, database, webserver, telecom switch) meets its functional security specifications, and does not perform unintended functions that compromise its security.

The panel, drawn from IT product developers, security consultants, and security evaluation/testing labs, will:
• examine the need/desire for SA in IT products
• describe alternative approaches for achieving SA
• discuss how one assesses SA.

In particular, the aim of the Session is to engage the audience in a discussion around the following types of questions:

? tuonotaytropmi/lu f teAcsSu ud ,ostrip pesc Anaoc woH osdt csuuusoodey?yosersspau
Vendor self assurance/certification (first party)? Self assessment (second party)? Third party assessment? At what cost?
Do the methods you are using meet your needs?
Are you willing to accept independent testing/evaluation by independent labs/organizations (e.g., ICSA)?
Does the type of testing make a difference to you (e.g., execution of specification-based test suites, testing, known vulnerability tests, penetration tests)?
Does the origin/derivation of the test suites, specifications, and other tests methods applied ekama yti nyit fi tfn ,naurbemeadmslnoue cp,es dpr en uo,cidodr ner noo:evg,e dtyri.vunbergoefe.yvfdei(d ?) stbnaelmnr e,vsop gusodrrgad n,astpsuorg
Would you prefer to use or request the use of commercial testing labs that have been accredited through an "approved" process (e.g., NIST's National Voluntary Laboratory Accreditation Program (NVLAP))?
What should be the government's role in facilitating SA?
tn asti r woak opr dHmarn ?imoantrocb uadorp ecnereff ieadk a tmsieoD ? tsieus soihw ydluoW dtte ccsnue uaooladb e oaskr?r pdarnmoarb rodn e,v.g. es(ecio hrceh tnoa hetlbaris eedr oeembtacifitr etcnemnre v doalguoW ?)sb atlnedneped n,isnoitaicossa

Each panelist will have the opportunity to present their views on the above topics with the hope of generating controversy that will engage the audience.

Position statements from each panelist:

Stu Katzke, NIST: Stu Katzke will begin the session with some opening remarks and tutorial information about SA. He will then take the position that third party, specification-based testing by commercial labs that have been accredited using the NIST NVLAP provides an approach that has significant advantages over other approaches. He will inform the audience about a commercial testing program that is being established by NIST & NSA to assist the commercial sector meet its testing needs. It will result in better, faster, cheaper testing of IT products than has been achieved sm and ro ne gilav.otl isr ai ysdp tuwotnn eeltioatbka rpmnrvuseeae cedmm rernresrondeiInvruopg addition, the test results will be accepted (i.e., mutually recognized) by Canada, France, UK, Germany, and the Netherlands.

Jim Schindler, Hewlett Packard: Jim Schindler will discuss the Orange Book evaluation model and then present a new model for SA that responds to commercial demand, international . y,tsi rlrd eionpbdaoanlieelve vHtgecndai/ pzr nmio,oimds inmdneelivtrmso yw,s-yltaielribacilppa will propose an approach similar to one that has worked in the hardware community and then conclude with several issues that still need to be resolved.

Santosh Chokhani, Cygnacom Solutions: Santosh Chokhani will share his thoughts about SA based upon the practical experience he has gained through direct participation in evaluations and through the experiences his laboratory has obtained from performing security evaluations. He will discuss his views on SA, which SA activities are high payoff, the benefits of third party evaluation by .l isl amlefaiHrwg onropitaul ayd,tvhnAue wa Sow d booesanterknemus nt oa,chs wbdaeltidercca conclude with some recommendations to improve the SA process.

Douglas Webb, SRI Consulting: Doug Webb will discuss a NY City Elections project he worked on that required SA and the approach used to determine how much was needed. Since the project stn el ma denreroo si if,sugtseqncereinndrtuido fhavechatm issue of "how much SA is needed" was political as well as technical. Doug leirw ahhts ie wce nhd eteseivrhdlotu ota nvcginanifikeahmt .devei h sctAaa aSwehrtu snoneti ksapt e et dhsnntoaisiced

Security Assurance
Stuart Katzke
Chief, Computer Security Division
National Institute of Standards and Technology
Information Technology Laboratory
katzke@nist.gov
Computer Security Resource Clearinghouse: csrc.ncsl.nist.gov
NISSC Oct. 98

Presentation Overview
• Security Assurance
• NIST/NSA Security Testing/Evaluation (T/E) Initiatives

Security Assurance (SA)
Level of trust that a system or product conforms to its functional security specification; and does not perform unintended functions that compromise security

[Slide diagram labels: Security Specifications; Testing/Evaluation (T/E); IT Product or System; Security Requirements; Security Specifications; Functional Conformance (Testing; Objective); Assurance/Trust/Confidence (Evaluation; Subjective)]
• functional testing
• development process
• security design analysis
• aggressive testing

This Presentation: Focus on SA of Products
• SA of a complex, distributed, multi-vendor system is a research problem
• SA of systems is more art than science
• Product assurance is necessary (though not sufficient) for system assurance
• Can improve evaluation of products (faster, better, cheaper)
• Systems are one-of-a-kind (poor leveraging)

System: Composition
[Slide diagram labels: Product A; Product B; Product C; System or sub-system]

System: Black Box
[Slide diagram labels: Product A; Product B; Product C; System or sub-system]

Description:
Security Assurance of an IT system is the level of trust one has that the system correctly meets its Evaluation Assurance Level (EAL) Definitions