| | Functionally Tested. Provides analysis of the security functions, using a functional and interface specification of the TOE, to understand the security behaviour. The analysis is supported by independent testing of the security functions. |
| | Structurally Tested. Analysis of the security functions using a functional and interface specification and the high level design of the subsystems of the TOE. Independent testing of the security functions, evidence of developer "black box" testing, and evidence of a development search for obvious vulnerabilities. |
| | Methodically Tested and Checked. The analysis is supported by "grey box" testing, selective independent confirmation of the developer test results, and evidence of a developer search for obvious vulnerabilities. Development environment controls and TOE configuration management are also required. |
| | Methodically Designed, Tested and Reviewed. Analysis is supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for obvious vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management. |
| | Semiformally Designed and Tested. Analysis includes all of the implementation. Assurance is supplemented by a formal model and a semiformal presentation of the functional specification and high level design, and a semiformal demonstration of correspondence. The search for vulnerabilities must ensure relative resistance to penetration attack. Covert channel analysis and modular design are also required. |
| | Semiformally Verified Design and Tested. Analysis is supported by a modular and layered approach to design, and a structured presentation of the implementation. The independent search for vulnerabilities must ensure high resistance to penetration attack. The search for covert channels must be systematic. Development environment and configuration management controls are further strengthened. |
| | Formally Verified Design and Tested. The formal model is supplemented by a formal presentation of the functional specification and high level design showing correspondence. Evidence of developer "white box" testing and complete independent confirmation of developer test results are required. Complexity of the design must be minimised. |