The National Institute of Standards and Technology and the National Security Agency have completed profiles for recommended security features for five of the 10 technology areas the agencies have targeted for profile development. The Protection Profiles, when completed, will be included in the evaluation process for Common Criteria certification of IT security products. . . .
The National Institute of Standards and Technology and the National Security Agency have completed profiles for recommended security features for five of the 10 technology areas the agencies have targeted for profile development. The Protection Profiles, when completed, will be included in the evaluation process for Common Criteria certification of IT security products. "There are going to be a lot of profiles coming out in the next six months," said Rex Myers, NSA security architect.

Myers made his comments today at the Federal Information Assurance Conference at the University of Maryland.

Protection Profile development began about two years ago as a cooperative program between NIST, which develops standards for nonclassified IT products, and NSA, which handles requirements for the classified and intelligence community. Because the Common Criteria program only evaluates IT products against the manufacturer's claims, without required security specifications, the Protection Profiles will give users a way to determine how robust a product's security features are.

The profiles specify three levels of security: basic, medium and high.

The link for this article located at GCN.com is no longer available.