Advertisement

The Extended Commercially Oriented Functionality Class for Network-based IT Systems

  • Alexander Herrigel
  • Roger French
  • Herrmann Siebert
  • Helmut Stiegler
  • Haruki Tabuchi
Part of the DUD-Fachbeiträge book series (DUD)

Abstract

This paper presents a new approach for security evaluation criteria of network-based IT systems. The Extended Commercial Oriented Functionality Class (E-COFC) addresses a minimum set of security functionalities for the commercial market to reduce technical complexity, and to allow the cost-and time effective application. The standard addresses today’s commercial requirements with its different legal parties involved. In contrast to state-of-the art- approaches such as the Common Criteria, the standard address the contractual relationships the business processes are based on. The E-COFC is considered as a baseline standard commercial enterprises can measure against.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    “Trusted Computer Systems Evaluation Criteria”, DoD 5200.28-STD, Department of Defense, United States of America, December 1985.Google Scholar
  2. [2]
    “Information Technology Security Evaluation Criteria (ITSEC)-Harmonized Criteria of France, Germany, the Netherlands, and the United Kingdom “, Vers 1.2, 1991.Google Scholar
  3. [3]
    “The Canadian Trusted Computer Product Evaluation Criteria”, Canadian System Security Center, Communications Security Establishment, Government of Canada, Version 3.0e, January 1993.Google Scholar
  4. [4]
    “Federal Criteria for Information Technology Security”, Vol. 1 and Vol. 2, Dec. 1992, National Institute Of Standards and Technology & National Security Agency.Google Scholar
  5. [5]
    “Common Criteria for Information Technology Security Evaluation”, Version 1.0, CCEB.Google Scholar
  6. [6]
    “Standard ECMA-205, Commercially Oriented Functionality Class for Security Evaluation (COFC) “, ECMA, December 1993.Google Scholar
  7. [7]
    “Draft Standard ECMA-999, Security Functionalities of the E-COFC, ECMA, March 1997Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden 1997

Authors and Affiliations

  • Alexander Herrigel
    • 1
    • 2
  • Roger French
    • 1
    • 3
  • Herrmann Siebert
    • 1
    • 4
  • Helmut Stiegler
    • 1
    • 5
  • Haruki Tabuchi
    • 1
    • 6
  1. 1.European Computer Manufactures Association (ECMA)Geneva, TC 36Switzerland
  2. 2.r3 Security engineering agAathalSwitzerland
  3. 3.Digital Equipment CorporationUSA
  4. 4.EDP ConsultingGermany
  5. 5.STI ConsultingGermany
  6. 6.Fujitsu LtdJapan

Personalised recommendations