The Extended Commercially Oriented Functionality Class for Network-based IT Systems
This paper presents a new approach for security evaluation criteria of network-based IT systems. The Extended Commercial Oriented Functionality Class (E-COFC) addresses a minimum set of security functionalities for the commercial market to reduce technical complexity, and to allow the cost-and time effective application. The standard addresses today’s commercial requirements with its different legal parties involved. In contrast to state-of-the art- approaches such as the Common Criteria, the standard address the contractual relationships the business processes are based on. The E-COFC is considered as a baseline standard commercial enterprises can measure against.
Unable to display preview. Download preview PDF.
- “Trusted Computer Systems Evaluation Criteria”, DoD 5200.28-STD, Department of Defense, United States of America, December 1985.Google Scholar
- “Information Technology Security Evaluation Criteria (ITSEC)-Harmonized Criteria of France, Germany, the Netherlands, and the United Kingdom “, Vers 1.2, 1991.Google Scholar
- “The Canadian Trusted Computer Product Evaluation Criteria”, Canadian System Security Center, Communications Security Establishment, Government of Canada, Version 3.0e, January 1993.Google Scholar
- “Federal Criteria for Information Technology Security”, Vol. 1 and Vol. 2, Dec. 1992, National Institute Of Standards and Technology & National Security Agency.Google Scholar
- “Common Criteria for Information Technology Security Evaluation”, Version 1.0, CCEB.Google Scholar
- “Standard ECMA-205, Commercially Oriented Functionality Class for Security Evaluation (COFC) “, ECMA, December 1993.Google Scholar
- “Draft Standard ECMA-999, Security Functionalities of the E-COFC, ECMA, March 1997Google Scholar