Overview
AUTHORS
- Michaël CHOCHOIS: Security and IT Risk Manager
- Nicolas MAGNIN: Legal specialist in SSI
INTRODUCTION
The advent of the information society in the 1990s gave rise to a growing need for computer security. The industry responded with a plethora of hardware and software products designed to protect all or part of information systems, which have long been considered to be of strategic importance in guaranteeing national sovereignty.
Governments and companies using security products quickly felt the need to evaluate the actual protection capabilities of Information Systems Security (ISS) products. The United States thus created the Trusted Computer System Evaluation Criteria (TCSEC), also known as the "Orange Book". This document sets out a series of criteria that an information system must meet in order to be considered reliable for use by an American federal administration. The originality of this evaluation system is that it proposes four levels of security, the choice of which is determined by the level of sensitivity of the information to be managed by the information system. At the same time, private companies have set up institutes to assess the robustness of ISS products.
However, it was governments that expressed the strongest need for ISS product evaluations. Moreover, even end-user companies were interested in government evaluations, as they offered a certain guarantee of independence. As a result, states decided to coordinate their efforts to share the large number of evaluation criteria for ISS products. They concluded agreements so that certificates attesting that these products meet these security criteria can be recognized in other countries. Nevertheless, despite these efforts, information systems security is still often considered, first and foremost, a national prerogative. Thus, in parallel with international agreements, states often develop national evaluation systems in order to retain control over the evaluation of ISS products.
Such is the case for France. Our country is one of the founding participants in the Common Criteria mutual recognition agreement, and has set up a national certification authority to issue certificates in accordance with its criteria (§ 1).
France has also developed this national certification system to:
evaluate ISS products...
This article is included in
Security of information systems
SSI product quality, French labels