Gentlepeople:

I believe I have an interesting question... While I am not generally a Microsoft fan, the documentation that was pointed to seems to be inconsistent. I agree with most of what Johnathan says, and maybe this is just a nit that is irrelevant to the discussion at hand.

The document that the email referenced is

http://eros.cs.jhu.edu/~shap/NT-EAL4.html

which in turn references page 9 of

http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf

which I will quote a few paragraphs below where Johnathon quoted:

    1.3 Strength of Environment

    The CAPP is for a generalized environment with a moderate level of risk to the assets. The assurance requirements and the minimum strength of function were chosen to be consistent with that level of risk. The assurance level is EAL 3 and the minimum strength of function is SOF-medium.

But the press release states NT-2000 achieved EAL-4?

From http://www.commoncriteria.org/docs/EALs.html the differences between EAL3 and EAL4 are:

    EAL3 - methodically tested and checked

    EAL3 permits a conscientious developer to gain maximum assurance from positive security engineering at the design stage without substantial alteration of existing sound development practices. It is applicable in those circumstances where developers or users require a moderate level of independently assured security, and require a thorough investigation of the TOE and its development without incurring substantial reengineering costs. An EAL3 evaluation provides an analysis supported by "grey box" testing, selective confirmation of the developer test results, and evidence of a developer search for obvious vulnerabilities. Development environmental controls and TOE configuration management are also required.

    EAL4 - methodically designed, tested and reviewed

    EAL4 permits a developer to maximize assurance gained from positive security engineering based on good commercial development practices. Although rigorous, these practices do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. It is applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs, and are prepared to incur additional security-specific engineering costs. An EAL4 evaluation provides an analysis supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management.

[TOE stands for Target of Evaluation.]

Is it arguable that the difference is minimal? Is there a more formal description of what can be done with an EAL3 vs an EAL4 device?

Thanks

jim

On Thu, 2002-10-31 at 17:41, Mark Miller wrote:
> At 11:41 PM 10/30/2002 Wednesday, Peter Gutmann wrote:
> >http://biz.yahoo.com/prnews/021029/sftu114_1.html
> >
> >Microsoft Windows 2000 Awarded Common Criteria Certification
> >Tuesday October 29, 2:00 pm ET
> >Achieves Highest Level of Security Evaluation for the Broadest Set of Real-World Scenarios
>
> What it means: http://eros.cs.jhu.edu/~shap/NT-EAL4.html
>
> ----------------------------------------
> Text by me above is hereby placed in the public domain
>
> Cheers,
> --MarkM
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

--
Jim Hughes <[EMAIL PROTECTED]>