SCOPUS 정보 검색 플랫폼

Using the Common Criteria for IT Security Evaluation

Volumn , Issue , 2002, Pages 1-289

Using the common criteria for IT security evaluation

(1) Herrmann, Debra S a

a Biological Computing Initiative (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRITICAL INFRASTRUCTURES; LIFE CYCLE; MERGERS AND ACQUISITIONS; NASA; PUBLIC WORKS; SECURITY SYSTEMS;

ACQUISITION POLICIES; CRITICAL INFRASTRUCTURE SYSTEMS; EDUCATIONAL SETTINGS; GOVERNMENT OFFICIALS; INFORMATION ASSURANCE; INTELLIGENCE AGENCIES; INTERNATIONAL STANDARDS; PRESIDENTIAL DECISION DIRECTIVES;

NETWORK SECURITY;

EID: 85055232535 PISSN: None EISSN: None Source Type: Book
DOI: 10.1201/9781420031423 Document Type: Book

Times cited : (68)

References (127)

1
- 85055236488
- DoD 5200.28-M, Deactivating, Testing, and Evaluating Secure Resource-Sharing ADP Systems, U.S. Department of Defense, January
- DoD 5200.28-M, ADP Computer Security Manual: Techniques and Procedures for Implementing, Deactivating, Testing, and Evaluating Secure Resource-Sharing ADP Systems, U.S. Department of Defense, January 1973.
- (1973) ADP Computer Security Manual: Techniques and Procedures for Implementing

2
- 85051995631
- DoD 5200.28-M, with 1st Amendment, U.S. Department of Defense, June 25
- DoD 5200.28-M, ADP Computer Security Manual: Techniques and Procedures for Implementing, Deactivating, Testing, and Evaluating Secure Resource-Sharing ADP Systems, with 1st Amendment, U.S. Department of Defense, June 25, 1979.
- (1979) ADP Computer Security Manual: Techniques and Procedures for Implementing, Deactivating, Testing, and Evaluating Secure Resource-Sharing ADP Systems

3
- 0003969633
- CSC-STD-001-83, National Computer Security Center, U.S. Department of Defense, August 15
- CSC-STD-001-83, Trusted Computer System Evaluation Criteria (TCSEC), National Computer Security Center, U.S. Department of Defense, August 15, 1983.
- (1983) Trusted Computer System Evaluation Criteria (TCSEC)

4
- 0003969633
- DoD 5200.28-STD, National Computer Security Center, U.S. Department of Defense, December
- DoD 5200.28-STD, Trusted Computer System Evaluation Criteria (TCSEC), National Computer Security Center, U.S. Department of Defense, December 1985.
- (1985) Trusted Computer System Evaluation Criteria (TCSEC)

5
- 85006089489
- CSC-STD-003-85, National Computer Security Center, U.S. Department of Defense, June
- CSC-STD-003-85, Guidelines for Applying the Trusted Computer System Evaluation Criteria (TCSEC) in Specific Environments, National Computer Security Center, U.S. Department of Defense, June 1985.
- (1985) Guidelines for Applying the Trusted Computer System Evaluation Criteria (TCSEC) in Specific Environments

6
- 85055225359
- CSC-STD-004-85, National Computer Security Center, U.S. Department of Defense
- CSC-STD-004-85, Technical Rationale Behind CSC-STD-003-83, National Computer Security Center, U.S. Department of Defense, 1985.
- (1985) Technical Rationale behind CSC-STD-003-83

7
- 27244453116
- NCSC-TG-025version 2, National Computer Security Center, U.S. Department of Defense, September
- NCSC-TG-025, version 2, A Guide to Understanding Data Remembrance in Automated Information Systems (AIS), National Computer Security Center, U.S. Department of Defense, September 1991.
- (1991) A Guide to Understanding Data Remembrance in Automated Information Systems (AIS)

8
- 0003969639
- NCSC-TG-005, version 1, National Computer Security Center, U.S. Department of Defense, July
- NCSC-TG-005, version 1, Trusted Network Interpretation of the TCSEC, National Computer Security Center, U.S. Department of Defense, July 1987.
- (1987) Trusted Network Interpretation of the TCSEC

9
- 85055233068
- NCSC-TG-011, version 1, National Computer Security Center, U.S. Department of Defense, August 1
- NCSC-TG-011, version 1, Trusted Network Interpretation of the TCSEC, National Computer Security Center, U.S. Department of Defense, August 1, 1990.
- (1990) Trusted Network Interpretation of the TCSEC

10
- 85055235245
- NCSC-TG-021, version 1, National Computer Security Center, U.S. Department of Defense, April
- NCSC-TG-021, version 1, Trusted DBMS Interpretation of the TCSEC, National Computer Security Center, U.S. Department of Defense, April 1991.
- (1991) Trusted DBMS Interpretation of the TCSEC

11
- 84974740905
- DDS-2600–6243–91, version 1, Defense Intelligence Agency, U.S. Department of Defense
- DDS-2600–6243–91, version 1, Compartmented-Mode Workstation Evaluation Criteria, Defense Intelligence Agency, U.S. Department of Defense, 1991.
- (1991) Compartmented-Mode Workstation Evaluation Criteria

12
- 85055226710
- jointly published by the U.S. National Institute of Standards and Technology and National Security Agency, December
- Federal Criteria for Information Technology Security, version 1.0 (Vols. I and II), jointly published by the U.S. National Institute of Standards and Technology and National Security Agency, December 1992.
- (1992) Federal Criteria for Information Technology Security, Version 1.0 (Vols. I and II)

13
- 84910075063
- June
- Information Technology Security Evaluation Criteria (ITSEC), version 1.2, Office for Official Publications of the European Communities, June 1991.
- (1991) Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, Office for Official Publications of the European Communities

14
- 84887118460
- Office for Official Publications of the European Communities
- Information Technology Security Evaluation Manual (ITSEM), Office for Official Publications of the European Communities, 1992.
- (1992) Information Technology Security Evaluation Manual (ITSEM)

15
- 85055224867
- Secure Information Processing versus the Concept of Product Evaluation
- Technical Report ECMA TR/64, December
- Secure Information Processing versus the Concept of Product Evaluation, Technical Report ECMA TR/64, European Computer Manufacturers’ Association, December 1993.
- (1993) European Computer Manufacturers’ Association

16
- 85009906652
- Guidelines for the Security of Infor mation Systems
- November
- Guidelines for the Security of Infor mation Systems, Organization for Economic Cooperation and Development (OECD), November 1992.
- (1992) Organization for Economic Cooperation and Development (OECD)

17
- 85055227349
- The Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), Canadian System Security Centre
- version 3.oe
- The Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), Canadian System Security Centre, Communications Security Establishment, version 3.oe, 1993.
- (1993) Communications Security Establishment

18
- 85055222121
- UKSP01, Communications-Electronics Security Group, March
- UKSP01, UK IT Security Evaluation Scheme: Description of the Scheme, Communications-Electronics Security Group, March 1991.
- (1991) UK IT Security Evaluation Scheme: Description of the Scheme

19
- 85055226794
- ISO/IEC 15408-1(1999-12-01), Information Technology — Security Techniques — Evaluation Criteria for IT Security — Part 1: Introduction and General Model
- ISO/IEC 15408-1(1999-12-01), Information Technology — Security Techniques — Evaluation Criteria for IT Security — Part 1: Introduction and General Model.

20
- 85055233274
- ISO/IEC 15408-2(1999-12-01), Information Technology — Security Techniques — Evaluation Criteria for IT Security — Part 2: Security Functional Requirements
- ISO/IEC 15408-2(1999-12-01), Information Technology — Security Techniques — Evaluation Criteria for IT Security — Part 2: Security Functional Requirements.

21
- 85055220127
- ISO/IEC 15408-3(1999-12-01), Information Technology — Security Techniques — Evaluation Criteria for IT Security — Part 3: Security assurance requirements
- ISO/IEC 15408-3(1999-12-01), Information Technology — Security Techniques — Evaluation Criteria for IT Security — Part 3: Security assurance requirements

22
- 1642466693
- ISO/IEC PDTR 15446(2001-04)
- ISO/IEC PDTR 15446(2001-04), Information Technology — Security Techniques — Guide for the Production of Protection Profiles and Security Targets.
- Information Technology — Security Techniques — Guide for the Production of Protection Profiles and Security Targets

23
- 34249312049
- May 23
- Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security, May 23, 2000.
- (2000) Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security

24
- 85055217191
- CEM-97/017, Part 1: Introduction and General Model, version 0.6, November
- CEM-97/017, Common Methodology for Information Technology Security Evaluation, Part 1: Introduction and General Model, version 0.6, November 1997.
- (1997) Common Methodology for Information Technology Security Evaluation

25
- 0003765587
- CEM-99/045, Part 2: Evaluation Methodology, version 1.0, August
- CEM-99/045, Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology, version 1.0, August 1999.
- (1999) Common Methodology for Information Technology Security Evaluation

26
- 34247123533
- CC/CEM supplements: (a) CEM-2001/0015R, Part 2: Evaluation Methodology, Supplement: ALC_FLR — Flaw Remediation, version 1.1, February, and (b) CCIMB-2002-04-011, Common Methodology for Information Technology Security Evaluation, Supplement: ASE — Security Target Evaluation, (draft) version 0.6, May 2002
- CC/CEM supplements: (a) CEM-2001/0015R, Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology, Supplement: ALC_FLR — Flaw Remediation, version 1.1, February 2002; and (b) CCIMB-2002-04-011, Common Methodology for Information Technology Security Evaluation, Supplement: ASE — Security Target Evaluation, (draft) version 0.6, May 2002.
- (2002) Common Methodology for Information Technology Security Evaluation

27
- 85055236103
- 1C Requirements Unclear, November 12
- CCIMB Final Interpretation-004, ACM_SCP. 1C Requirements Unclear, November 12, 2001.
- (2001) Final Interpretation-004, ACM_SCP

28
- 85055236784
- Virtual Machine Description, October 15
- CCIMB Final Interpretation-006, Virtual Machine Description, October 15, 2000.
- (2000) Final Interpretation-006

29
- 85055235392
- July 31
- CCIMB Final Interpretation-Augmented and Conformant Overlap, July 31, 2001.
- (2001) Final Interpretation-Augmented and Conformant Overlap

30
- 85055226303
- April 13
- CCIMB Final Interpretation-009, Definition of “Counter,” April 13, 2001.
- (2001) Final Interpretation-009, Definition of “Counter,”

31
- 85055215878
- October 15
- CCIMB Final Interpretation-013, Multiple SOF Claims for Multiple Domains in a Single TOE, October 15, 2000.
- (2000) Final Interpretation-013, Multiple SOF Claims for Multiple Domains in a Single TOE

32
- 85055232186
- February 16
- CCIMB Final Interpretation-024, Required Evaluation Evidence for Commercial “Off the Shelf” (COTS) Products, February 16, 2001.
- (2001) Final Interpretation-024, Required Evaluation Evidence for Commercial “Off the Shelf” (COTS) Products

33
- 85055218950
- July 31
- CCIMB Final Interpretation-025, Level of Detail Required for Hardware Descriptions, July 31, 2001.
- (2001) Final Interpretation-025, Level of Detail Required for Hardware Descriptions

34
- 85055236675
- February 16
- CCIMB Final Interpretation-027, Events and Functions in AGD_ADM, February 16, 2001.
- (2001) Final Interpretation-027, Events and Functions in AGD_ADM

35
- 85055223758
- February 16
- CCIMB Final Interpretation-031, Obvious Vulnerabilities, February 16, 2001.
- (2001) Final Interpretation-031, Obvious Vulnerabilities

36
- 85055235773
- October 15
- CCIMB Final Interpretation-032, Strength of Function Analysis in ASE_TSS, October 15, 2000.
- (2000) Final Interpretation-032, Strength of Function Analysis in ASE_TSS

37
- 85055227035
- October 15
- CCIMB Final Interpretation-033, Use of “Check” in Part 3, October 15, 2000.
- (2000) Final Interpretation-033, Use of “Check” in Part 3

38
- 85055221986
- February 16
- CCIMB Final Interpretation-037, ACM on Product or TOE?, February 16, 2001.
- (2001) Final Interpretation-037, ACM on Product Or TOE?

39
- 85055232043
- February 16
- CCIMB Final Interpretation-043, Meaning of “Clearly Stated” in APE/ASE_OBJ.1, February 16, 2001.
- (2001) Final Interpretation-043, Meaning of “Clearly Stated” in APE/ASE_OBJ.1

40
- 85055235252
- February 16
- CCIMB Final Interpretation-049, Threats Met by Environment, February 16, 2001.
- (2001) Final Interpretation-049, Threats Met by Environment

41
- 85055231079
- FPT_RCV, October 15
- CCIMB Final Interpretation-055, Incorrect Components Referenced in Part 2 Annexes, FPT_RCV, October 15, 2000.
- (2000) Final Interpretation-055, Incorrect Components Referenced in Part 2 Annexes

42
- 85055231174
- July 31
- CCIMB Final Interpretation-058, Confusion Over Refinement, July 31, 2001.
- (2001) Final Interpretation-058, Confusion over Refinement

43
- 85055224329
- July 13
- CCIMB Final Interpretation-062, Confusion Over Source of Flaw Reports, July 13, 2001.
- (2001) Final Interpretation-062, Confusion over Source of Flaw Reports

44
- 85055217865
- February 16
- CCIMB Final Interpretation-064, Apparent Higher Standard for Explicitly Stated Requirements, February 16, 2001.
- (2001) Final Interpretation-064, Apparent Higher Standard for Explicitly Stated Requirements

45
- 85055218365
- July 31
- CCIMB Final Interpretation-065, No Component to call out Security Function Management, July 31, 2001.
- (2001) Final Interpretation-065, No Component to Call out Security Function Management

46
- 85055230002
- October, 15
- CCIMB Final Interpretation-067, Application Notes Missing in ST, October, 15, 2000.
- (2000) Final Interpretation-067, Application Notes Missing in ST

47
- 85055228989
- March 30
- CCIMB Final Interpretation-069, Informal Security Policy Model, March 30, 2001.
- (2001) Final Interpretation-069, Informal Security Policy Model

48
- 85055236049
- October 15
- CCIMB Final Interpretation-074, Duplicate Informative Text for ATE_COV.2-3 and ATE_DPT.1-3, October 15, 2000.
- (2000) Final Interpretation-074, Duplicate Informative Text for ATE_COV.2-3 and ATE_DPT.1-3

49
- 85055227994
- October 15
- CCIMB Final Interpretation-075, Duplicate Informative Text for ATE_FUN.1-4 and ATE_IND.2-1, October 15, 2000.
- (2000) Final Interpretation-075, Duplicate Informative Text for ATE_FUN.1-4 and ATE_IND.2-1

50
- 85055232350
- October 15
- CCIMB Final Interpretation-080, APE_REQ.1-12 Does Not Use “Shall Examine … to Determine,” October 15, 2000.
- (2000) Final Interpretation-080, APE_REQ.1-12 Does Not Use “Shall Examine … to Determine

51
- 85055230903
- February 16
- CCIMB Final Interpretation-084, Separate Objectives for TOE and Environment, February 16, 2001.
- (2001) Final Interpretation-084, Separate Objectives for TOE and Environment

52
- 85055230755
- July 31
- CCIMB Final Interpretation-092, Release of the TOE, July 31, 2001.
- (2001) Final Interpretation-092, Release of the TOE

53
- 85055224447
- July 31
- CCIMB Final Interpretation-094, FLR Guidance Documents Missing, July 31, 2001.
- (2001) Final Interpretation-094, FLR Guidance Documents Missing

54
- 85055228235
- February 16
- CCIMB Final Interpretation-095, ACM_CAP Dependency on ACM_SCP, February 16, 2001.
- (2001) Final Interpretation-095, ACM_CAP Dependency on ACM_SCP

55
- 85055221856
- July 31
- CCIMB Final Interpretation-116, Indistinguishable Work Units for ADO_DEL, July 31, 2001.
- (2001) Final Interpretation-116, Indistinguishable Work Units for ADO_DEL

56
- 85055222475
- July 31
- CCIMB Final Interpretation-120, Indistinguishable Work Units for ADO_DEL, July 31, 2001.
- (2001) Final Interpretation-120, Indistinguishable Work Units for ADO_DEL

57
- 85055228102
- October 29
- CCIMB Final Interpretation-127, Work Unit Not at the Right Place, October 29, 2001.
- (2001) Final Interpretation-127, Work Unit Not at the Right Place

58
- 85055235625
- October 29
- CCIMB Final Interpretation-128, Coverage of the Delivery Procedures, October 29, 2001.
- (2001) Final Interpretation-128, Coverage of the Delivery Procedures

59
- 85055237931
- February 16
- CCIMB Final Interpretation-133, Consistency Analysis in AVA_MSU.2, February 16, 2001.
- (2001) Final Interpretation-133, Consistency Analysis in AVA_MSU.2

60
- 11744346913
- General Criteria for the Operation of Testing Laboratories
- EN 45001
- EN 45001, General Criteria for the Operation of Testing Laboratories, CEN/CENELEC, 1989.
- (1989) CEN/CENELEC

61
- 0006768892
- EN 45011, CEN/CENELEC
- EN 45011, General Criteria for Certification Bodies Operating Product Certification Systems, CEN/CENELEC, 1989.
- (1989) General Criteria for Certification Bodies Operating Product Certification Systems

62
- 0004020195
- ISO/IEC 13335-1(1996-12)
- ISO/IEC 13335-1(1996-12), Information Technology — Guidelines for the Management of IT Security — Part 1: Concepts and Models for IT Security.
- Information Technology — Guidelines for the Management of IT Security — Part 1: Concepts and Models for IT Security

63
- 0006489716
- ISO/IEC 13335-2(1997-12), Information Technology — Guidelines for the Management of IT Security — Part 2: Managing and Planning IT Security.
- Information Technology — Guidelines for the Management of IT Security — Part 2: Managing and Planning IT Security

64
- 0006501747
- ISO/IEC 13335-3(1998-06), Information Technology — Guidelines for the Management of IT Security — Part 3: Techniques for the Management of IT Security.
- Information Technology — Guidelines for the Management of IT Security — Part 3: Techniques for the Management of IT Security

65
- 33745894731
- ISO/IEC 13335-4(2000-03), Information Technology — Guidelines for the Management of IT Security — Part 4: Selection of Safeguards.
- Information Technology — Guidelines for the Management of IT Security — Part 4: Selection of Safeguards

66
- 85055229530
- ISO/IEC 13335-5(2001-11), Information Technology — Guidelines for the Management of IT Security — Part 5: Management Guidance on Network Security.
- Information Technology — Guidelines for the Management of IT Security — Part 5: Management Guidance on Network Security

67
- 0004071456
- ISO/IEC 17025(1999)
- ISO/IEC 17025(1999), General Requirements for the Competence of Calibration and Testing Laboratories; superseded ISO/IEC Guide 25 (1990).
- (1990) General Requirements for the Competence of Calibration and Testing Laboratories; Superseded ISO/IEC Guide 25

68
- 0037601071
- ISO/IEC Guide 65
- ISO/IEC Guide 65(1996), General Requirements for Bodies Operating Product Certification Systems.
- (1996) General Requirements for Bodies Operating Product Certification Systems

69
- 0012213034
- ISO/IEC 17799(2000-12)
- ISO/IEC 17799(2000-12), Information Technology — Code of Practice for Information Security Management.
- Information Technology — Code of Practice for Information Security Management

70
- 85055223319
- ISO/IEC 15292(2001-12)
- ISO/IEC 15292(2001-12), Information Technology — Security Techniques — Protection Profile registration procedures.
- Information Technology — Security Techniques — Protection Profile Registration Procedures

71
- 85055217523
- ISO 2382-8(1998-11)
- ISO 2382-8(1998-11), 2.0, Information Technology — Vocabulary — Part 8: Security.
- 2.0, Information Technology — Vocabulary — Part 8: Security

72
- 85055217159
- ISO 9000(2000)
- ISO 9000(2000) Compendium, International Standards for Quality Management.
- Compendium, International Standards for Quality Management

73
- 85055234748
- National Security Telecommunications and Information System Security Committee, January
- NSTISSP #11: National Information Assurance Acquisition Policy, National Security Telecommunications and Information System Security Committee, January 2000.
- (2000) NSTISSP #11: National Information Assurance Acquisition Policy

74
- 85055215385
- NSTISSAM INFOSEC/2-00, February 8
- NSTISSAM INFOSEC/2-00, Advisory Memorandum for the Strategy for Using the National Information Assurance Partnership (NIAP®) for the Evaluation of Commercial Off-the-Shelf (COTS) Security Enabled Information Technology Products, February 8, 2000.
- (2000) Advisory Memorandum for the Strategy for Using the National Information Assurance Partnership (NIAP®) for the Evaluation of Commercial Off-The-Shelf (COTS) Security Enabled Information Technology Products

75
- 85055230330
- NSTISSAM COMPUSEC/1-99, March 11
- NSTISSAM COMPUSEC/1-99, Advisory Memorandum on the Transition from the Trusted Computer System Evaluation Criteria (TCSEC) to the International Common Criteria for Information Technology Security Evaluation, March 11, 1999.
- (1999) Advisory Memorandum on the Transition from the Trusted Computer System Evaluation Criteria (TCSEC) to the International Common Criteria for Information Technology Security Evaluation

76
- 85055220142
- National Information Assurance Certification and Accreditation Process (NIACAP)
- NSTISSI #1000, April
- NSTISSI #1000: National Information Assurance Certification and Accreditation Process (NIACAP), National Security Telecommunications and Information System Security Committee, April 2000.
- (2000) National Security Telecommunications and Information System Security Committee

77
- 85055234772
- National Information System Security (INFOSEC) Glossary
- NSTISSI #4009, January
- NSTISSI #4009: National Information System Security (INFOSEC) Glossary, National Security Telecommunications and Information System Security Committee, January 1999.
- (1999) National Security Telecommunications and Information System Security Committee

78
- 1242295745
- Security Requirements for Cryptographic Modules
- FIPS PUB 140-2, U.S. Department of Commerce, May 25
- FIPS PUB 140-2, Security Requirements for Cryptographic Modules, National Institute of Standards and Technology, U.S. Department of Commerce, May 25, 2001.
- (2001) National Institute of Standards and Technology

79
- 84883480464
- Advanced Encryption Standard (AES)
- FIPS PUB 197, U.S. Department of Commerce, November 26
- FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S. Department of Commerce, November 26, 2001.
- (2001) National Institute of Standards and Technology

80
- 85055221869
- NIST Special Publication 800-21, U.S. Department of Commerce, November
- NIST Special Publication 800-21, Guidelines for Implementing Cryptography in the Federal Government, National Institute of Standards and Technology, U.S. Department of Commerce, November 1999.
- (1999) Guidelines for Implementing Cryptography in the Federal Government, National Institute of Standards and Technology

81
- 85055234423
- Guidelines to Federal Organizations on Security Assurance and Acquisition: Use of Tested/Evaluated Products
- NIST Special Publication 800-23, U.S. Department of Commerce, August
- NIST Special Publication 800-23, Guidelines to Federal Organizations on Security Assurance and Acquisition: Use of Tested/Evaluated Products, National Institute of Standards and Technology, U.S. Department of Commerce, August 2000.
- (2000) National Institute of Standards and Technology

82
- 33847535385
- Public Law 100-235, January 8
- Public Law 100-235, Computer Security Act of 1987, January 8, 1988.
- (1988) Computer Security Act of 1987

83
- 84941208447
- Public Law 104-106
- Public Law 104-106, Information Technology Management Reform Act 1996.
- (1996) Information Technology Management Reform Act

84
- 85055230313
- OMB Circular A-130, February 8
- OMB Circular A-130, Appendix III: Security of Federal Automated Infor mation Resources, February 8, 1996.
- (1996) Appendix III: Security of Federal Automated Infor Mation Resources

85
- 85055227462
- PDD-63, May 13
- PDD-63, Critical Infrastructure Protection, Presidential Decision Directive, May 13, 1998.
- (1998) Critical Infrastructure Protection, Presidential Decision Directive

86
- 35248812243
- version 3.0, September
- Information Assurance Technical Framework (IATF), version 3.0, September 2000.
- (2000) Information Assurance Technical Framework (IATF)

87
- 25444518184
- version 2.0April
- System Security Engineering Capability Maturity Model (SSE-CMM), version 2.0, April 1999.
- (1999) System Security Engineering Capability Maturity Model (SSE-CMM)

88
- 0004451777
- April
- Systems Security Engineering Capability Maturity Model (SSE-CMM) Appraisal Method, version 2.0, April 1999.
- (1999) Systems Security Engineering Capability Maturity Model (SSE-CMM) Appraisal Method, Version 2.0

89
- 85055221139
- June
- Common Criteria ToolboxTM, version 6.0f, June 2001.
- (2001) Common Criteria Toolboxtm, Version 6.0F

90
- 85055227655
- Application of the Protection Profile to Define Requirements for a Telecommunications Services Contract
- CERIAS, Purdue University, West Lafayette, IN, March
- Abrams, M., Parraga, F., and Veoni, J., Application of the Protection Profile to Define Requirements for a Telecommunications Services Contract, Paper presented at the 1st Symposium on Requirements Engineering for Information Security, CERIAS, Purdue University, West Lafayette, IN, March 2001.
- (2001) Paper Presented at the 1St Symposium on Requirements Engineering for Information Security
- Abrams, M.¹ Parraga, F.² Veoni, J.³

91
- 85055229376
- October
- Belvin, F., Introduction to the CEM, paper presented at the 23rd National Information Systems Security Conference, October 2000.
- (2000) Introduction to the CEM, Paper Presented at the 23Rd National Information Systems Security Conference
- Belvin, F.¹

92
- 85008030192
- Building an international security standard
- Caplan, K. and Sanders, J., Building an international security standard, IT Professional, 1(2), 29–34, 1999.
- (1999) IT Professional , vol.1 , Issue.2 , pp. 29-34
- Caplan, K.¹ Sanders, J.²

93
- 85055236287
- October
- Common Criteria: An Introduction, Common Criteria Project Sponsoring Organizations, October 1999.
- (1999) Common Criteria: An Introduction, Common Criteria Project Sponsoring Organizations

94
- 0003765587
- October
- Common Criteria for Information Technology Security Evaluation: User Guide, Common Criteria Project Sponsoring Organizations, October 1999.
- (1999) Common Criteria for Information Technology Security Evaluation: User Guide, Common Criteria Project Sponsoring Organizations

95
- 85060409988
- June 22, p
- Gertz, B., CIA: Russia, China working on infor mation warfare, The Washington Times, June 22, 2001, p. A3.
- (2001) CIA: Russia, China Working on Infor Mation Warfare, the Washington Times , pp. A3
- Gertz, B.¹

96
- 0035265773
- Application of Common Criteria to telecomm services
- Herrmann, D. and Keith, S., Application of Common Criteria to telecomm services, Computer Security Journal, 17(2), 21–28, 2001.
- (2001) Computer Security Journal , vol.17 , Issue.2 , pp. 21-28
- Herrmann, D.¹ Keith, S.²

97
- 85055778568
- Auerbach, Boca Raton, FL
- Herrmann, D., A Practical Guide to Security Engineering and Information Assurance, Auerbach, Boca Raton, FL, 2001.
- (2001) A Practical Guide to Security Engineering and Information Assurance
- Herrmann, D.¹

98
- 85055216596
- October
- Kekicheff, M., Kashef, F., and Brewer, D., The Open Platform Protection Profile (OP3): Taking the Common Criteria to the Outer Limits, paper pr esented at the 23rd National Information Systems Security Conference, October 2000.
- (2000) The Open Platform Protection Profile (OP3): Taking the Common Criteria to the Outer Limits, Paper Pr Esented at the 23Rd National Information Systems Security Conference
- Kekicheff, M.¹ Kashef, F.² Brewer, D.³

99
- 85055228607
- October
- McEvilley, M., Introduction to the Common Criteria, paper presented at the 23rd National Information Systems Security Conference, October 2000.
- (2000) Introduction to the Common Criteria, Paper Presented at the 23Rd National Information Systems Security Conference
- McEvilley, M.¹

100
- 85055226364
- Scheme Publication 1, National Information Assurance Partnership, May
- NIAP, Organization, Management, and Concept of Operations, version 2.0, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, Scheme Publication 1, National Information Assurance Partnership, May 1999.
- (1999) Organization, Management, and Concept of Operations, Version 2.0, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security

101
- 85055235630
- Validation Body Standard Operating Procedures, draft 1.5, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security
- NIAP, Validation Body Standard Operating Procedures, draft 1.5, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, Scheme Publication 2
- Scheme Publication 2

102
- 85055223789
- May
- National Information Assurance Partnership, May 2000.
- (2000) National Information Assurance Partnership

103
- 85055225722
- Guidance to Validators of IT Security Evaluations, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security
- February
- NIAP, Guidance to Validators of IT Security Evaluations, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, Scheme Publication 3, National Information Assurance Partnership, February 2002.
- (2002) Scheme Publication 3, National Information Assurance Partnership

104
- 85055224178
- Guidance to Common Criteria Testing Laboratories (CCTLs), version 1.0, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security
- March 20
- NIAP, Guidance to Common Criteria Testing Laboratories (CCTLs), version 1.0, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, Scheme Publication 4, National Information Assurance Partnership, March 20, 2001.
- (2001) Scheme Publication 4, National Information Assurance Partnership

105
- 85055218976
- Guidance to Sponsors of IT Security Evaluations, draft 1.0, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, Scheme Publication 5
- August 31
- NIAP, Guidance to Sponsors of IT Security Evaluations, draft 1.0, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, Scheme Publication 5, National Information Assurance Partnership, August 31, 2000.
- (2000) National Information Assurance Partnership

106
- 85055221301
- Certificate Maintenance Program, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security
- December
- NIAP, Certificate Maintenance Program, Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, Scheme Publication 6, National Information Assurance Partnership, December 2002.
- (2002) Scheme Publication 6, National Information Assurance Partnership

107
- 85055228789
- note: this document is updated annually
- NVLAP Directory 2002, NIST Special Publication 810, National Institute of Standards and Technology (note: this document is updated annually).
- Directory 2002, NIST Special Publication 810, National Institute of Standards and Technology

108
- 0004131498
- Addison-Wesley, Reading, MA
- Neumann, P., Computer Related Risks, Addison-Wesley, Reading, MA, 1995.
- (1995) Computer Related Risks
- Neumann, P.¹

109
- 85055224222
- July
- NVLAP Handbook 150, National Institute of Standards and Technology and U.S. Department of Commerce, July 2001.
- (2001) Handbook 150, National Institute of Standards and Technology and U.S. Department of Commerce

110
- 85055229138
- Cryptographic Module TestingNVLAP, June
- Cryptographic Module Testing, NVLAP Handbook 150-17, National Institute of Standards and Technology and U.S. Department of Commerce, June 2000.
- (2000) Handbook 150-17, National Institute of Standards and Technology and U.S. Department of Commerce

111
- 85055235708
- Information Security Testing: Common Criteria, version 1.1, NVLAP (draft) Handbook 150-20, April
- Information Security Testing: Common Criteria, version 1.1, NVLAP (draft) Handbook 150-20, National Institute of Standards and Technology and U.S. Department of Commerce, April 1999.
- (1999) National Institute of Standards and Technology and U.S. Department of Commerce

112
- 85055229000
- Written Procedures for NVLAP® Handbook 150-20, October
- Written Procedures for NVLAP® Handbook 150-20, NVLAP Lab Bulletin LB-5-2001, October 2001.
- (2001) NVLAP Lab Bulletin LB-5-2001

113
- 85055234141
- October
- Olthoff, K., Thoughts and Questions on Common Criteria Evaluations, paper presented at the 23rd National Information Systems Security Conference, October 2000.
- (2000) Thoughts and Questions on Common Criteria Evaluations, Paper Presented at the 23Rd National Information Systems Security Conference
- Olthoff, K.¹

114
- 85055218405
- October
- Smith, R., Trends in Government Endorsed Security Product Evaluations, paper presented at the 23rd National Information Systems Security Conference, October 2000.
- (2000) Trends in Government Endorsed Security Product Evaluations, Paper Presented at the 23Rd National Information Systems Security Conference
- Smith, R.¹

115
- 85055236143
- October
- TM, paper presented at the 23rd National Information Systems Security Conference, October 2000.
- (2000) tm, Paper Presented at the 23Rd National Information Systems Security Conference
- Towns, M.¹

116
- 85055222792
- www.commoncriteria.org; centralized resource for current information about the Common Criteria standards, members, and events
- www.commoncriteria.org; centralized resource for current information about the Common Criteria standards, members, and events.

117
- 85055225052
- www.iatf.net; Information Assurance Technical Framework standard and forum
- www.iatf.net; Information Assurance Technical Framework standard and forum.

118
- 84882215927
- www.nstissc.gov/Assets/pdf/nstissi_1000.pdf; National Information Assurance Certification and Accreditation Process (NIACAP).
- National Information Assurance Certification and Accreditation Process (NIACAP)

119
- 84882631936
- Http://niap.nist.gov; National Information Assurance Partnership (NIAP®).
- National Information Assurance Partnership (NIAP®)

120
- 85055234055
- http://csrc.nist.gov; National Institute of Standards and Technology (NIST), Computer Security Resource Clearinghouse.
- National Institute of Standards and Technology (NIST), Computer Security Resource Clearinghouse

121
- 85055216599
- information about NIST cryptographic validation program
- http://csrc.nist.gov/crptval; information about NIST cryptographic validation program.

122
- 85055221497
- www.nist.gov/nvlap
- www.nist.gov/nvlap; National Voluntary Laboratory Accr editation Program (NVLAP®) publications, including current listing of accredited laboratories.
- National Voluntary Laboratory Accr Editation Program (NVLAP®) Publications, including Current Listing of Accredited Laboratories

123
- 85055223149
- Computer and information security policy
- http://secinf.net/info/policy/hk_polic.html; Computer and information security policy.

124
- 85055220917
- www.psycom.net/war.1.html; Institute for the Advanced Study of Information Warfare.
- Institute for the Advanced Study of Information Warfare

125
- 29944439716
- www.iec.ch.org
- www.iec.ch.org; International Electrotechnical Commission.
- International Electrotechnical Commission

126
- 85055219536
- www.sse-cmm.org/librarie.htm
- www.sse-cmm.org/librarie.htm; Latest information about SSE–CMM.
- Latest Information about SSE–CMM

127
- 85055219536
- www.issea.org
- www.issea.org; Latest information about SSE–CMM.
- Latest Information about SSE–CMM

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.