Abstract
In 1999, the International Organization for Standardization and the International Electrotechnical Commission jointly published the Common Criteria for Information Technology Security revaluation to provide IT security evaluation guidelines that extend to an international community. The assurance requirements, including prepackaged sets of Evaluation Assurance Levels (EALs) in the Common Criteria (CC), represent the paradigm that assurance equals evaluation, and more evaluation leads to more assurance. This paradigm is at odds with the commercial off-the-shelf (COTS) marketplace, neither reflecting how confidence is typically achieved nor providing a cost-effective means for supplying grounds for confidence in the security capabilities of the information technology being evaluated.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
