The Computer Security Evaluation Frequently Asked Questions (V3)

This FAQ is designed to answer common questions about the evaluation of trusted products. We have
attempted to be as clear, precise and accurate as possible. Some answers are undoubtedly
closer to this ideal than others. Comments on the FAQ may be sent to TPEP@gibraltar.ncsc.mil.

Contents

Evaluation Programs

  1. What is the National Computer Security Center (NCSC)?
  2. What is TTAP?
  3. What is a TEF?
  4. How is TTAP related to the National Security Agency (NSA)?
  5. How is TTAP related to the National Institute of Standards and Technology (NIST)?
  6. What is NIAP?
  7. What is CCEVS?
  8. What is TPEP?
  9. Who do I contact?
  10. What is GIBRALTAR?
  11. What was Dockmaster?

Criteria

  1. What are the criteria used for evaluation?
  2. What is the Common Criteria?
  3. What is a Protection Profile (PP)?
  4. What is a Security Target (ST)?
  5. What is the CEM?
  6. What is the TCSEC?
  7. What are interpretations?
  8. What is the Interpreted TCSEC (ITCSEC)?
  9. Are there criteria for commercial (as opposed to military) systems?
  10. What is the Federal Criteria?
  11. What are the CMWREQs and the CMWEC?

Common Criteria Concepts

  1. What is a TOE?
  2. What is a security functional component?
  3. What are Evaluation Assurance Levels (EALs)?
  4. What is a class?
  5. What is a family?
  6. What is a component?
  7. What is an Evaluation Authority?

TCSEC Criteria Concepts

  1. What is the TCSEC?
  2. What does it mean for a product to be "compliant" with the TCSEC?
  3. What is the Orange Book?
  4. What is the Rainbow Series?
  5. What is the TNI?
  6. What is the TDI?
  7. What are Process Action Team (PAT) Guidance Working Group (PGWG) documents?
  8. What are security features?
  9. What is assurance?
  10. What is a division?
  11. What is a class?
  12. What is a network component?
  13. What is RAMP?
  14. What is a Network Security Architecture Design (NSAD) document?
  15. The TCSEC is over 10 years old; doesn't that mean it's outdated?
  16. How do the TCSEC and its interpretations apply to routers and firewalls?
  17. Does a trusted system require custom hardware?
  18. What are the requirements for a D/C1/C2/B1/B2/B3/A1 system?
  19. How do I interpret a TCSEC rating?

Evaluations

  1. How do I get my product evaluated?
  2. What is the evaluation process?
  3. How much does an evaluation cost?
  4. How do I find out about the evaluation process?
  5. Who actually performs the evaluations?
  6. What information is released about an evaluated product?

Evaluated Products

  1. Should I buy an evaluated product?
  2. Does NSA buy/use evaluated products?
  3. How do I know if a product is evaluated?
  4. What does it mean for a product to be "in evaluation"?
  5. What and where is the Evaluated Products List (EPL)?
  6. How do I get a copy of an evaluation report?
  7. How do I interpret a CCITSE rating?
  8. Is an evaluated product "hacker proof"?
  9. What is the rating of UNIX?
  10. What should I do if an evaluated product appears to fail a requirement?

Last updated Wed Aug 25 06:44:02 1999
URL: http://www.radium.ncsc.mil/tpep/process/faq.html