Information Security: Principles and Practices 2nd Edition by Jim Breithaupt, Mark S. Merkow

Edition 2, ISBN: 0789753251
Exercise 10

ITSEC

1. Describe ITSEC in terms of purposes and differences in classes.

2. How does ITSEC differ from TCSEC?

Step-by-step solution

Step 1 of 2

Information Technology Security Evaluation Criteria

1. ITSEC stands for the Information Technology Security Evaluation Criteria. It is the European-developed set of criteria that fills the same role TCSEC plays in the United States. Where TCSEC concentrates on confidentiality, ITSEC also addresses integrity and availability. It provides a uniform approach for evaluating both products and systems.

ITSEC introduced the concept of the Target of Evaluation (TOE), the product or system that is being evaluated. It separates functionality from assurance: functionality classes describe which security features the TOE provides, and assurance classes describe how much confidence the evaluation gives that those features are correctly implemented and effective. ITSEC also introduced the security target, a written document that contains the system security policy (or, for a product, its rationale), the required security enforcing functions, the required security mechanisms, the claimed rating of the minimum strength of those mechanisms, and the target evaluation level.

The assurance classes of ITSEC are described below. Each level includes all the requirements of the level beneath it:

E0: Inadequate assurance. The TOE did not meet the requirements of E1.

E1: A security target and an informal description of the TOE's architectural design must exist, and functional testing must show that the TOE satisfies its security target.

E2: All E1 requirements, plus an informal description of the detailed design, evaluated evidence of functional testing, a configuration control system, and an approved distribution procedure.

E3: All E2 requirements, plus evaluation of the source code and/or hardware drawings that correspond to the security mechanisms, and evidence that those mechanisms were tested.

E4: All E3 requirements, plus an underlying formal model of the security policy that supports the security target; the security enforcing functions, the architectural design, and the detailed design must be specified in a semiformal style.

E5: All E4 requirements, plus evidence of close correspondence between the detailed design and the source code and/or hardware drawings.

E6: All E5 requirements, plus a formal specification of the security enforcing functions and the architectural design, consistent with the formal model of the security policy.


Step 2 of 2
