The National Technical Authority for Information Assurance
 
ITSEC Assurance Levels


ITSEC certification of a software product means that users can rely on an assured level of security for any product they are about to purchase. It is a sign of confidence, like the quality kite-mark seen on consumer products. ITSEC has now been mainly superseded by other national and international approaches. For current applicability, please contact the IACS team.

ITSEC E1 A security target and informal architectural design must be produced. User/Admin documentation gives guidance on Target of Evaluation (TOE) security. Security enforcing functions are tested by evaluator or developer. TOE to be uniquely identified and to have Delivery, Configuration, Start-up and Operational documentation. Secure Distribution methods to be utilised.

ITSEC E2 An informal detailed design and test documentation must be produced. Architecture shows the separation of the TOE into security enforcing and other components. Penetration testing searches for errors. Configuration control and developer's security are assessed. Audit trail output is required during start-up and operation.

ITSEC E3 Source code or hardware drawings to be produced. Correspondence must be shown between source code and detailed design. Acceptance procedures must be used. Implementation languages should be to recognised standards. Retesting must occur after the correction of errors.

ITSEC E4 Formal model of security and semi-formal specification of security enforcing functions, architecture and detailed design to be produced. Testing must be shown to be sufficient. TOE and tools are under configuration control with changes audited, compiler options documented. TOE to retain security on re-start after failure.

ITSEC E5 Architectural design explains the inter-relationship between security enforcing components. Information on integration process and run time libraries to be produced. Configuration control independent of developer. Identification of configured items as security enforcing or security relevant, with support for variable relationships between them.

ITSEC E6 Formal description of architecture and security enforcing functions to be produced. Correspondence shown from formal specification of security enforcing functions through to source code and tests. Different TOE configurations defined in terms of the formal architectural design. All tools subject to configuration control.

ITSEC/Common Criteria Equivalents

ITSEC            -        ITSEC E1  ITSEC E2  ITSEC E3  ITSEC E4  ITSEC E5  ITSEC E6
Common Criteria  CC EAL1  CC EAL2   CC EAL3   CC EAL4   CC EAL5   CC EAL6   CC EAL7
System Criteria  SC SYS1  SC SYS2   SC SYS3   SC SYS4   SC SYS5   SC SYS6   SC SYS7
© Crown copyright, 2010.