Thomas Syrstad wrote:
>
> Why ICSA? What about Common Criteria?
> Common Criteria stribes to achieve International standards
> for security products
But in Common Criteria you can certify almost anything;
it is very much like ISO 900x in that way. You specify
what you want your thing to handle, and then you test that.
For the higher assurance levels, you also certify that
external products won't affect your product, and that
you've got the right mindset and internal documentation
routines to keep developing products that work the way
you specified (basically).
I have this dream about EAL 4 certifying a security
product that consists of a clamp that you place on
an ethernet cable, that connects to an "alert" sign
and a klaxon. Target: alert the administrator every
time there is traffic on the given ethernet cable.
With enough time and money, I bet it's doable :)
> CC have no commercial interests in doing testing
> of "security products"....
Oh no? Wanna bet? :)
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
"Senex semper diu dormit"
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
