44 What does it mean for a product to be "in evaluation"? (Computer Security Evaluation)
Description
This article is from the Computer Security Evaluation FAQ, by Trusted Product Evaluation Program TPEP@dockmaster.ncsc.mil.
44 What does it mean for a product to be "in evaluation"? (Computer Security Evaluation)
In the past it has been the case that Trusted Product
Evaluation Program (TPEP) evaluations where conducted over
longer periods of time and included time for a developer to
work out problems with their documentation and testing that a
current Intensive Preliminary Architecture Review (IPTR) is
designed to limit. Currently a product is not announced to be
in evaluation until it has successfully passed an IPTR. Even
so, a product may go through several releases, incorporate
fixes during the course of evaluation, or even potentially drop
out of evaluation or fail evaluation. Because of this a
product in evaluation is not equivalent to an evaluated
product. While it does show some intent to have an evaluated
product, and a consideration of security criteria in the
product development, it does not necessarily imply any security
features or assurances. Buyers of products in evaluation
should consider what options will be available to them should
the evaluated configuration differ significantly from the
purchased configuration, or if the product does not ultimately
complete evaluation.
Continue to:
My Books
