Description

This article is from the Computer Security Evaluation FAQ, by Trusted Product Evaluation Program TPEP@dockmaster.ncsc.mil.

45 What does it mean for a product to be "compliant" with the TCSEC? (Computer Security Evaluation)

If a product has been evaluated by the Trusted Product
Evaluation Program (TPEP) to comply with the requirements of a
rated class, then it means that an independent assessment
showed the product to have the features and assurances of that
class. It does not mean that the product is impenetrable. It
is even possible that the independent assessment overlooked
some failure to meet the criteria, although we expend a lot of
energy attempting to prevent that. A vendor claim to be
"compliant" without an evaluation often doesn't mean very much
since the vendor's interpretation of the requirement may not be
the same as an independent assessor's would be.

 

Continue to:

• prev: 44 What does it mean for a product to be "in evaluation"? (Computer Security Evaluation)
• Index
• next: 46 What and where is the Evaluated Products List (EPL)? (Computer Security Evaluation)

Share and Enjoy

Tags

computer security, evaluation, TREP, Trusted Product Evaluation Program, Federal Criteria, hacker-proof