Your company develops and sells firewalls. Some of the firewalls are sent for independent evaluation against the Common Criteria. Which of the following affects the level of evaluation assurance least significantly?
A. The evaluation methods, processes, and tools employed
B. The percentage of the system that is considered in the evaluation
C. The evaluation granularity of the design, implementation, and processes of the system
D. The ability of the system to reestablish a secure state and to do so in a secure manner
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. The ability of the system to reestablish a secure state and to do so in a secure manner.
The three dimensions of assurance are defined in ISO/IEC 15408-3 (Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components). They are also introduced in NIST 800-160, Volume 1:
- Rigor: The evaluation methods, processes, and tools employed
- Scope: The percentage of the system that is considered in the evaluation
- Depth: The evaluation granularity of the design, implementation, and processes of the system
Trusted recovery, the ability of the system to reestablish a secure state and to do so in a secure manner, is a security capability rather than a dimension of assurance. Many products have the security capability of trusted recovery; however, they may have different levels of evaluation assurance.
The following is an excerpt from NIST 800-160, Volume 1:
Assurance, in a general sense, is the measure of confidence associated with a set of claims. From a security perspective, assurance is the measure of confidence that the security functions for the system combine, in the context of the entire system, to provide freedom from the conditions that cause asset loss and the associated consequences.
Security-oriented claims establish the basis for the assurance about system security. Security-oriented claims include, but are not limited to, the ability:
- to satisfy stakeholder and system design requirements;
- to behave only as specified by those requirements;
- to achieve desired outcomes;
- to enforce security policy;
- to avoid, minimize, or mitigate vulnerabilities; and
- to be effective despite defined disruptions.
The initial security claims are based on assets and specific asset loss consequences. The security claims are refined and decomposed to address all aspects of the system that support the overarching claims of adequate security.
The Level of Assurance
The level of assurance obtained depends upon three interacting dimensions of scope, depth, and rigor.
- Scope: Assurance increases (and becomes more complete) as a greater percentage of the system is considered in the analysis of the system;
- Depth: Assurance increases as the analysis of the system reaches a finer level of introspection into the design and implementation of the system and into the finer aspects of supporting and enabling processes; and
- Rigor: Assurance increases as the methods, processes, and tools employed are more formal, structured, and consistently repeatable and provide increased fidelity and rigor in execution and results.
The level of effort required to achieve assurance, therefore, increases as the scope increases, the depth increases, and the rigor of means and methods increases.