
At 10:32 AM 1/18/96 -0000, Juan D. Sandoval wrote:
Does anyone know where I can get info on Information Technology Secure Evaluation Criteria (ITSEC)?
Here's what I found:

------------------------>

Excerpted from _Computer_Security_Handbook,_Third_Edition_ by Hutt, Bosworth, & Hoyt (C) 1995 by John Wiley and Sons:

(d) European and Canadian Security Standards. Since its original publication in 1983, the TCSEC has greatly influenced IT security. It is widely recognized as a yardstick for evaluating products in relation to security features and assurances needed to support security objectives. TCSEC has also influenced the development of other documents both in the US and abroad, forming a foundation of second-generation requirements.

In 1991, the European Community adopted the Information Technology Security Evaluation Criteria (ITSEC) for a two-year trial period. The ITSEC approach uses "Security Targets" for expressing security functionality profiles. ITSEC was built upon various national initiatives, including the TCSEC, and represents a /harmonized/ effort among France, Germany, the Netherlands, and the United Kingdom.

------------------------>

A quick search of INSPEC (described below) turned up some useful results, as well.

INSP (INSPEC) Citations and abstracts of articles in physics, electronics, engineering, computer and information technology journals.

A keyword search for ITSEC revealed 30+ documents related to IT and systems security measures. The citation below seemed the most useful:

Sizer, R. "Information technology security evaluation criteria (ITSEC)." _Computer_Bulletin_, vol.5, pt.5, p.7. Oct. 1993. ISSN: 00104531 ;;gtec.
Keywords: data integrity. data privacy. security of data.
Class codes: C0310D. C6130S.
Date indexed: 12/93.
Abstract: The insecurity of IT systems (typified by unauthorised access) is a complex and increasingly aggravating social problem. All sectors of society - commerce, industry, government (local and national) and domestic are at risk. People who have the responsibility for choosing, installing or using IT systems have faced considerable difficulty in choosing IT security products purporting to provide a 'secure environment' employing technical security mechanisms in hardware and software. The problem has, in the main, been the highly subjective claims for, and interpretation of, those security mechanisms. The ITSEC criteria involve the independent evaluation of IT products and systems (hardware and software) which claim security features. Security includes confidentiality, integrity and availability.

------------------------>

This citation may also be useful, but the text of the paper is in German.

Peleska, J. and Reichel, H. of Deutsche Syst.-Tech. GmbH, Kiel, Germany. "Formal specification of generic ITSEC functionality classes." _Informatik_-_Wirtschaft_-_Gesellschaft_ (Informatics - Economy - Society). p.354-64, 1993. ISSN: 3540571922;;gtec.
Conference: Informatik Wirtschaft Gesellschaft (Informatics, Economy, Society), Dresden, Germany, 27 Sept.-1 Oct. 1993.
Keywords: formal specification. software quality. standards.
Class. Codes: C6110B.
Date Indexed: 10/94.
Abstract: On the basis of the formal specification, the consistency of specification of a concrete product to the ITSEC standards is not only informally motivatable, but also mathematically provable. In this way, the objective visibility, quality and efficiency of the evaluation process are increased. For the evaluation of products at Stage E6, use of the described concepts (or of comparable ones) is indispensable.

------------------------>

I have access via my local library to the first document (the actual ITSEC specification) but not to the second. You should be able to find the _Computer_Bulletin_ at most universities with CS majors.

Hope this helps,
Jeremy

---
Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
j.mineweaser@ieee.org | L+>++ E-(---) W++ N+ !o-- K+>++ w+(++++) O- M--
                      | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
*ai*vr*vx*crypto*     | tv(+) b++>+++ DI+(++) D+ G++ e>+++ h-() r-@ !y-