Mailing List Archive

ISO draft on computer security(?)
Alexander Kjeldaas <astor@guardian.no> wrote:
> What you describe looks like a classification system similar to the one
> used in the ISO draft on computer security (the common criteria). This is
> a very elaborate standard, but the classification system is nice. First
> there are several _classes_ of features, such as Cryptographic Support
> (FCS), Security Audit (FAU), Communication (FCO) etc.

Could you give me some hints where to find more information about
this subject -- I'm traditionally a little bit picky about ISO
standards, mainly because I've got hit by the 7-layer ISO model one
or more times... it has just too few layers, so everything
interesting ends up in layer 7 ;-)

> Since all these families with all their different levels (called
> "components" probably to avoid the notion of strict hierarchical ordering
> you mention) would be chaotic to handle for end-users, there are some
> predefined "Protection Profiles" (PPs) for different uses which specify
> which functional families should satisfy which levels. Protection Profiles
> such as Commercial Security 1, Commercial Security 3, and Packet Filter
> Firewall are defined.

Sounds very interesting and seems to be of help to us.

Harald
Harald Albrecht
Chair of Process Control Engineering
Aachen University of Technology
Turmstrasse 46, D-52064 Aachen, Germany
Tel.: +49 241 80-7703, Fax: +49 241 8888-238
email: harald@plt.rwth-aachen.de
ISO draft on computer security(?)
On Wed, 28 Jan 1998, Harald Albrecht wrote:

> Could you give me some hints where to find more information about
> this subject -- I'm traditionally a little bit picky about ISO
> standards, mainly because I've got hit by the 7-layer ISO model one
> or more times... it has just too few layers, so everything
> interesting ends up in layer 7 ;-)

I got my copy from my professor teacher who sits in the committee so I
haven't ordered these myself. However, the postal address is in Berlin, so
I don't think you should have problems getting this.

Here's some information from the cover page:

ISO/IEC JTC 1/SC 17/WG 3

I think the CDs these documents are distributed on are called
ISO/IEC CD 15408-X [X is 1-4]

The project number is JTC 1.27.16

Postal address
DIN
Deutsches Institut f. Normung e. V.
10772 Berlin

Phone
+49 30 2601-2652
+49 30 2601-2791

e-mail
passia@ni.din.de


That should get you going :-)

astor

--
Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
http://www.guardian.no/