Description

This article is from the Computer Security Evaluation FAQ, by Trusted Product Evaluation Program TPEP@dockmaster.ncsc.mil.

51 What should I do if evaluated Product X appears to fail a requirement? (Computer Security Evaluation)

If an evaluated product does not seem to meet the requirements,
the first thing to do is carefully look at the Final Evaluation
Report (FER) and the product's Trusted Facility Manual (TFM).
The product was evaluated with specific configuration options and
on specific hardware. These should be stated in the TFM and FER
respectively. If the evaluated configuration still seems to not
meet some requirement for its rated class, then it is possible that
there was an oversight during the evaluation. You can send that
information to tpep@dockmaster.ncsc.mil and we may investigate the
issue.

 

Continue to:

• prev: 50 What is the rating of UNIX? (Computer Security Evaluation)
• Index
• next: 52 Why should I buy a B2/B3/A1 product over a C2/B1 product? (Computer Security Evaluation)

Share and Enjoy

Tags

computer security, evaluation, TREP, Trusted Product Evaluation Program, Federal Criteria, hacker-proof