TCSEC, CC, SSE-CMM and ISO27001 are well-known security evaluation schemes.
- TCSEC - Trusted Computer System Evaluation Criteria
- CC - Common Criteria
- SSE-CMM - System Security Engineering Capability Maturity Model
The table below gives a brief comparison of these security evaluation schemes. The first six rows show the similarities among the schemes, while the rest show the differences.
| # | Description | TCSEC | CC | SSE-CMM | ISO 27001 |
|---|---|---|---|---|---|
| 1 | Applicable to all industry sectors | ✓ | ✓ | ✓ | ✓ |
| 2 | Policy | ✓ | ✓ | ✓ | ✓ |
| 3 | Documentation | ✓ | ✓ | ✓ | ✓ |
| 4 | Level of trust | ✓ | ✓ | ✓ | ✓ |
| 5 | Accountability | ✓ | ✓ | ✓ | ✓ |
| 6 | Access control policy | ✓ | ✓ | ✓ | ✓ |
| 1 | Internationally recognized | ✗ | ✓ | ✓ | ✓ |
| 2 | Comprehensive set of controls | ✓ | ✗ | ✓ | ✓ |
| 3 | Emphasis on prevention | ✓ | ✗ | ✗ | ✓ |
| 4 | A technical standard | ✓ | ✓ | ✗ | ✗ |
| 5 | Product or technology driven | ✓ | ✓ | ✗ | ✗ |
| 6 | Process driven | ✓ | ✓ | ✗ | ✓ |
| 7 | An equipment evaluation methodology | ✗ | ✓ | ✗ | ✗ |
| 8 | Different classes of security | ✓ | ✓ | ✗ | ✗ |
| 9 | Assurance | ✓ | ✓ | ✓ | ✗ |
| 10 | Functional requirements | ✓ | ✓ | ✓ | ✗ |
| 11 | Plan-do-check-act cycle possible | ✗ | ✗ | ✗ | ✓ |