Computer Security Evaluation FAQ
Frequently Asked Questions about computer security evaluation.
This FAQ about computer security evaluation
was compiled and written by Trusted Product Evaluation Program TPEP@dockmaster.ncsc.mil.
01 What is the National Computer Security Center (NCSC)?- The Department of Defense Computer Security Center ...
02 What is TPEP? (Computer Security Evaluation)- The Trusted Product Evaluation Program (TPEP) is the program ...
03 How is TPEP related to the National Security Agency (NSA)?- Both the Trusted Product Evaluation Program (TPEP) and ...
04 How is TPEP related to the National Institute of Standards and Technology (NIST)?- In Public Law 100-235 congress directed the National ...
05 How do I contact the TPEP?- The Trusted Product Evaluation Program can be reached by mail ...
06 What is the TTAP? (Computer Security Evaluation)- The Trust Technology Assessment Program (TTAP) is a ...
07 What is Dockmaster? (Computer Security Evaluation)- Dockmaster, or more precisely dockmaster.ncsc.mil, is ...
08 Why doesn't TPEP have a WWW server on Dockmaster?- Many desirable network access features are not available in ...
09 What is the criteria used for evaluation? (Computer Security Evaluation)- The criteria currently used by the Trusted Product ...
10 What is the TCSEC? (Computer Security Evaluation)- The Trusted Computer System Evaluation Criteria (TCSEC) is ...
11 What are interpretations? (Computer Security Evaluation)- It is often the case that there are several ways to read ...
12 What is the Interpreted TCSEC (ITCSEC)? (Computer Security Evaluation)- The Interpreted Trusted Computer System Evaluation ...
13 What is the ITSEC (as opposed to the ITCSEC)? (Computer Security Evaluation)- The Information Technology Security Evaluation Criteria (ITSEC)...
14 What is the CTCPEC? (Computer Security Evaluation)- The Canadian Trusted Computer Product Evaluation Criteria ...
15 What is the Common Criteria? (Computer Security Evaluation)- The Common Criteria (CC) occasionally (and ...
16 What is the TNI? (Computer Security Evaluation)- The Trusted Network Interpretation (TNI) of the TCSEC, ...
17 What is the TDI? (Computer Security Evaluation)- The Trusted Database Interpretation (TDI) of the TCSEC ...
18 What is the Rainbow Series? (Computer Security Evaluation)- The Rainbow Series is the name given to the collection ...
19 What are Process Action Team (PAT) Guidance Working Group (PGWG) documents? (Computer Security Evaluation)- The PGWG (often pronounced pig-wig) documents are also ...
20 Is there a criteria for commercial (as opposed to military) systems? (Computer Security Evaluation)- The Trusted Product Evaluation Program (TPEP) is prohibited ...
21 What is the Federal Criteria? (Computer Security Evaluation)- The Federal Criteria was an attempt to develop a criteria ...
22 What are security features? (Computer Security Evaluation)- A security feature is a specific implementable function in ...
23 What is assurance? (Computer Security Evaluation)- In the context of the Trusted Computer System ...
24 What is a division? (Computer Security Evaluation)- A division is a set of classes (see Question 5) from ...
25 What is a class? (Computer Security Evaluation)- A class is the specific collection of requirements in ...
26 What is a network component? (Computer Security Evaluation)- A network component is the target of evaluation for a ...
27 What is a Network Security Architecture Design (NSAD) document? (Computer Security Evaluation)- The documentation for a network component (see Section III,...
28 How do I interpret a rating? (Computer Security Evaluation)- A product evaluated by the Trusted Product Evaluation ...
29 The TCSEC is 10 years old, doesn't that mean it's outdated? (Computer Security Evaluation)- The Trusted Computer System Evaluation Criteria (TCSEC) ...
30 How do the TCSEC and its interpretations apply to routers and firewalls? (Computer Security Evaluation)- The Trusted Network Interpretation (TNI) of the TCSEC has ...
31 Does a trusted system require custom hardware? (Computer Security Evaluation)- A system does not require custom hardware to be ...
32 What are the requirements for a D/C1/C2/B1/B2/B3/A1 system? (Computer Security Evaluation)- The Interpreted Trusted Computer System Evaluation ...
33 How do I get my product evaluated? (Computer Security Evaluation)- Product developers who have a product that they wish to ...
34 What is the evaluation process? (Computer Security Evaluation)- The evaluation process is described in detail ...
35 How long does an evaluation take? (Computer Security Evaluation)- The length of time a developer needs to prepare for ...
36 How much does an evaluation cost? (Computer Security Evaluation)- The Trusted Product Evaluation Program (TPEP) does not ...
37 How do I find out about the evaluation process? (Computer Security Evaluation)- For an abstract view of the evaluation process you can ...
38 Who actually performs the evaluations? (Computer Security Evaluation)- Trusted product evaluators come from the Trusted ...
39 What information is released about an evaluated product? (Computer Security Evaluation)- As we begin working with a product, the vendor and ...
40 What is RAMP? (Computer Security Evaluation)- The Rating Maintenance Phase (RAMP) Program was established ...
41 Should I buy an evaluated product? (Computer Security Evaluation)- An evaluated product has the benefit of providing ...
42 Does NSA buy/use evaluated products? (Computer Security Evaluation)- NSA endevours to be an exemplary customer of the products ...
43 How do I know if a product is evaluated? (Computer Security Evaluation)- The simplest way to find out if a product is not evaluated ...
44 What does it mean for a product to be "in evaluation"? (Computer Security Evaluation)- In the past it has been the case that Trusted ...
45 What does it mean for a product to be "compliant" with the TCSEC? (Computer Security Evaluation)- If a product has been evaluated by the Trusted ...
46 What and where is the Evaluated Products List (EPL)? (Computer Security Evaluation)- The Evaluated Products List (EPL) officially is ...
47 How do I get a copy of an evaluation report? (Computer Security Evaluation)- Single copies of evaluation reports are available without ...
48 Is an evaluated product "hacker proof?" (Computer Security Evaluation)- No product can be guaranteed to be hacker proof ...
49 What is the rating of DOS? (Computer Security Evaluation)- MS-DOS, PC-DOS, and DR-DOS have not been evaluated. ...
50 What is the rating of UNIX? (Computer Security Evaluation)- There are a number of evaluated products conforming to one ...
51 What should I do if evaluated Product X appears to fail a requirement? (Computer Security Evaluation)- If an evaluated product does not seem to meet the requirements,...
52 Why should I buy a B2/B3/A1 product over a C2/B1 product? (Computer Security Evaluation)- While the features and assurances of each class increase, ...
53 Is there an approved program to declassify my hard drive? (Computer Security Evaluation)- In summary, no; in general, overwriting may be sufficient to ...