mailing list archives
Re: Can ISO15408 evaluated products be trusted?
From: HHikita <h_hikita () yahoo co jp>
Date: Fri, 20 May 2005 20:44:06 +0900
Nora Barrera wrote:
Who understands this strange CC dialect? For me, a ST
is black magic, not a security specification.
Functional Requirements and Assurance Requirements might seem mind
boggling at first.
But you need a common vocabulary to describe security specifications.
How else would you expect to archive common recognition between all
those countries. :-P
Well actually, for each section of the PP/ST there is a requirement
the section must be coherent. For example CEM says in paragraph 300
"The statement of the TOE description is coherent if the text and
the statement are understandable by its target audience (i.e. evaluators and
So everything other than those FDP_,FCS_, FIA_, FAU_, ALC_... things,
is supposed to be understandable.
Do You Yahoo!?
Upgrade Your Life
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/