• Advertise
• Search
• Free Magazines
• Newest Links
• Categories
• Register
• Login

Applying the Common Criteria to the Certification & Accreditation of Department of Defense Unclassified Information Technology Systems

Added by Papergrl

Description: Perhaps the greatest challenge Information Technology (IT) professionals face today is providing evidence that the systems they develop are "secure". To provide this evidence, they must use a standardized process that will foster a high level of confidence in the security features of the IT system. This process must provide a means to quantify and measure the extent to which the security of the IT system has been evaluated and assessed. No matter what type of system is to be developed, there must be assurance that the data and data processing resources are protected and the security mechanisms will operate in the manner in which they were designed to operate. Besides being a good business practice, there are numerous laws and regulations, which define and explain why one must be concerned with the adequacy of IT security. This paper will discuss how the adoption of a more recently developed evaluation criteria known as the "Common Criteria" (CC) may be applied to DITSCAP process.