Computer Security Evaluation FAQ
Frequently Asked Questions about computer security evaluation.
This FAQ about computer security evaluation was compiled and written by Trusted Product Evaluation Program TPEP@dockmaster.ncsc.mil.
01 What is the National Computer Security Center (NCSC)?- The Department of Defense Computer Security Center ...
- 02 What is TPEP? (Computer Security Evaluation)
- The Trusted Product Evaluation Program (TPEP) is the program ...
- 03 How is TPEP related to the National Security Agency (NSA)?
- Both the Trusted Product Evaluation Program (TPEP) and ...
- 04 How is TPEP related to the National Institute of Standards and Technology (NIST)?
- In Public Law 100-235 congress directed the National ...
- 05 How do I contact the TPEP?
- The Trusted Product Evaluation Program can be reached by mail ...
- 06 What is the TTAP? (Computer Security Evaluation)
- The Trust Technology Assessment Program (TTAP) is a ...
- 07 What is Dockmaster? (Computer Security Evaluation)
- Dockmaster, or more precisely dockmaster.ncsc.mil, is ...
- 08 Why doesn't TPEP have a WWW server on Dockmaster?
- Many desirable network access features are not available in ...
- 09 What is the criteria used for evaluation? (Computer Security Evaluation)
- The criteria currently used by the Trusted Product ...
- 10 What is the TCSEC? (Computer Security Evaluation)
- The Trusted Computer System Evaluation Criteria (TCSEC) is ...
- 11 What are interpretations? (Computer Security Evaluation)
- It is often the case that there are several ways to read ...
- 12 What is the Interpreted TCSEC (ITCSEC)? (Computer Security Evaluation)
- The Interpreted Trusted Computer System Evaluation ...
- 13 What is the ITSEC (as opposed to the ITCSEC)? (Computer Security Evaluation)
- The Information Technology Security Evaluation Criteria (ITSEC)...
- 14 What is the CTCPEC? (Computer Security Evaluation)
- The Canadian Trusted Computer Product Evaluation Criteria ...
- 15 What is the Common Criteria? (Computer Security Evaluation)
- The Common Criteria (CC) occasionally (and ...
- 16 What is the TNI? (Computer Security Evaluation)
- The Trusted Network Interpretation (TNI) of the TCSEC, ...
- 17 What is the TDI? (Computer Security Evaluation)
- The Trusted Database Interpretation (TDI) of the TCSEC ...
- 18 What is the Rainbow Series? (Computer Security Evaluation)
- The Rainbow Series is the name given to the collection ...
- 19 What are Process Action Team (PAT) Guidance Working Group (PGWG) documents? (Computer Security Evaluation)
- The PGWG (often pronounced pig-wig) documents are also ...
- 20 Is there a criteria for commercial (as opposed to military) systems? (Computer Security Evaluation)
- The Trusted Product Evaluation Program (TPEP) is prohibited ...
- 21 What is the Federal Criteria? (Computer Security Evaluation)
- The Federal Criteria was an attempt to develop a criteria ...
- 22 What are security features? (Computer Security Evaluation)
- A security feature is a specific implementable function in ...
- 23 What is assurance? (Computer Security Evaluation)
- In the context of the Trusted Computer System ...
- 24 What is a division? (Computer Security Evaluation)
- A division is a set of classes (see Question 5) from ...
- 25 What is a class? (Computer Security Evaluation)
- A class is the specific collection of requirements in ...
- 26 What is a network component? (Computer Security Evaluation)
- A network component is the target of evaluation for a ...
- 27 What is a Network Security Architecture Design (NSAD) document? (Computer Security Evaluation)
- The documentation for a network component (see Section III,...
- 28 How do I interpret a rating? (Computer Security Evaluation)
- A product evaluated by the Trusted Product Evaluation ...
- 29 The TCSEC is 10 years old, doesn't that mean it's outdated? (Computer Security Evaluation)
- The Trusted Computer System Evaluation Criteria (TCSEC) ...
- 30 How do the TCSEC and its interpretations apply to routers and firewalls? (Computer Security Evaluation)
- The Trusted Network Interpretation (TNI) of the TCSEC has ...
- 31 Does a trusted system require custom hardware? (Computer Security Evaluation)
- A system does not require custom hardware to be ...
- 32 What are the requirements for a D/C1/C2/B1/B2/B3/A1 system? (Computer Security Evaluation)
- The Interpreted Trusted Computer System Evaluation ...
- 33 How do I get my product evaluated? (Computer Security Evaluation)
- Product developers who have a product that they wish to ...
- 34 What is the evaluation process? (Computer Security Evaluation)
- The evaluation process is described in detail ...
- 35 How long does an evaluation take? (Computer Security Evaluation)
- The length of time a developer needs to prepare for ...
- 36 How much does an evaluation cost? (Computer Security Evaluation)
- The Trusted Product Evaluation Program (TPEP) does not ...
- 37 How do I find out about the evaluation process? (Computer Security Evaluation)
- For an abstract view of the evaluation process you can ...
- 38 Who actually performs the evaluations? (Computer Security Evaluation)
- Trusted product evaluators come from the Trusted ...
- 39 What information is released about an evaluated product? (Computer Security Evaluation)
- As we begin working with a product, the vendor and ...
- 40 What is RAMP? (Computer Security Evaluation)
- The Rating Maintenance Phase (RAMP) Program was established ...
- 41 Should I buy an evaluated product? (Computer Security Evaluation)
- An evaluated product has the benefit of providing ...
- 42 Does NSA buy/use evaluated products? (Computer Security Evaluation)
- NSA endevours to be an exemplary customer of the products ...
- 43 How do I know if a product is evaluated? (Computer Security Evaluation)
- The simplest way to find out if a product is not evaluated ...
- 44 What does it mean for a product to be "in evaluation"? (Computer Security Evaluation)
- In the past it has been the case that Trusted ...
- 45 What does it mean for a product to be "compliant" with the TCSEC? (Computer Security Evaluation)
- If a product has been evaluated by the Trusted ...
- 46 What and where is the Evaluated Products List (EPL)? (Computer Security Evaluation)
- The Evaluated Products List (EPL) officially is ...
- 47 How do I get a copy of an evaluation report? (Computer Security Evaluation)
- Single copies of evaluation reports are available without ...
- 48 Is an evaluated product "hacker proof?" (Computer Security Evaluation)
- No product can be guaranteed to be hacker proof ...
- 49 What is the rating of DOS? (Computer Security Evaluation)
- MS-DOS, PC-DOS, and DR-DOS have not been evaluated. ...
- 50 What is the rating of UNIX? (Computer Security Evaluation)
- There are a number of evaluated products conforming to one ...
- 51 What should I do if evaluated Product X appears to fail a requirement? (Computer Security Evaluation)
- If an evaluated product does not seem to meet the requirements,...
- 52 Why should I buy a B2/B3/A1 product over a C2/B1 product? (Computer Security Evaluation)
- While the features and assurances of each class increase, ...
- 53 Is there an approved program to declassify my hard drive? (Computer Security Evaluation)
- In summary, no; in general, overwriting may be sufficient to ...
My Books
