Tuesday, April 3, 2012

Comparison and contrast on TCSEC, CC, SSE-CMM and ISO27001


TCSEC, CC, SSE-CMM and ISO27001 are well-known security evaluation schemes.
  • TCSEC - Trusted Copmuter System Evaluation Criteria
  • CC - Common Criteria
  • SSE-CMM - System Security Engineering Capability Maturity Model

Below table gives a brief comparison among those security evaluation schemes. First six facts shoes the similarities among those schemes while the rest shows the differences.



Description
TCSEC
CC
SSE-CMM
ISO 27001
1
Applicable to all industry sectors
ü   
ü   
ü   
ü   
2
Policy
ü   
ü   
ü   
ü   
3
Documentation
ü   
ü   
ü   
ü   
4
Level of trust
ü   
ü   
ü   
ü   
5
Accountability
ü   
ü   
ü   
ü   
6
Access control policy
ü   
ü   
ü   
ü   
1
Internationally recognized
û   
ü   
ü   
ü   
2
Comprehensive set of controls
ü   
û   
ü   
ü   
3
Emphasis on prevention
ü   
û   
û   
ü   
4
A technical standard
ü   
ü   
û   
û   
5
Product or technology driven
ü   
ü   
û   
û   
6
Process driven
ü   
ü   
û   
ü   
7
An equipment evaluation methodology
û   
ü   
û   
û   
8
Different classes of security
ü   
ü   
û   
û   
9
Assurance
ü   
ü   
ü   
û   
10
Functional requirements
ü   
ü   
ü   
û   
11
Plan-do-check-act cycle possible
û   
û   
û   
ü   

No comments:

Post a Comment