Common Criteria Flashcards

1
Q

What is Common Criteria

A

It is an international standard for computer security verification. The latest version (3.1) became available in January 2018 and was standardised as ISO 15408.

2
Q

What can it be used for?

A

Common Criteria is a framework that you can use to independently verify security claims about a product.

3
Q

Common Criteria developed from three previous standards

A

- TCSEC – Trusted Computer System Evaluation Criteria (1983-5)
- ITSEC – Information Technology Security Evaluation Criteria (1990)
- CTCPEC – Canadian Trusted Computer Product Evaluation Criteria (1993)

4
Q

What does TCSEC state

A

‘Secure systems will control access to information such that only properly authorized individuals, or processes operating on their behalf, will have access to read, write, create, or delete information.’

5
Q

What are the six fundamental requirements for computer security?

A
  1. Security policy - Explicit, well-defined security policy enforced by the system.
  2. Marking - Access control labels must be associated with objects.
  3. Identification - Individual subjects must be identified.
  4. Accountability - Audit information must be selectively kept and protected.
  5. Assurance - System must contain hardware and software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces requirements 1 through 4.
  6. Continuous protection - Trusted mechanisms that enforce requirements must be continuously protected against tampering and/or unauthorized changes.
6
Q

What are the six core concepts of Common Criteria?

A
  1. Target of Evaluation (TOE) – The system or product that is the subject of the evaluation.
  2. Protection Profile (PP) – A document identifying the security requirements relevant to a particular user community.
  3. Security Target (ST) – A document identifying the security properties of the TOE. Vendors produce an ST so customers can determine which features were evaluated.
  4. Security Functional Requirements (SFRs) – The individual security functions provided by a product.
  5. Security Assurance Requirements (SARs) – A series of descriptions of the measures taken during the development and evaluation of the product to assure compliance with the claimed security functionality.
  6. Evaluation Assurance Level (EAL) – A numerical rating describing the depth and rigor of an evaluation.