[Fed-Talk] EAL3 v EAL4
[Fed-Talk] EAL3 v EAL4
- Subject: [Fed-Talk] EAL3 v EAL4
- From: Shawn Geddis <email@hidden>
- Date: Sun, 19 Jun 2005 23:18:57 -0400
On Jun 18, 2005, at 10:27 AM, Ran Atkinson wrote:
Personally, I find the improved audit support to be very helpful.
I do wish Apple would look into EAL4 certification, simply because
other competitors have EAL4 already (or in some cases are actively
being evaluated under EAL4). Lack of EAL4 is going to be a risk
for Apple that EAL4 would be used to prevent Apple systems from
being procured under some RFP or deployed in some environments.
(That said, I'm very happy that they have EAL3 already. :-)
Since EAL4 does not indicate that it is more secure than EAL3, what
specific Security Functions are critical for Certification within
your environments ?
As is the case with any vendor, it is optimal to invest the effort
and achieve certification for those things which help the customer
the most. Just achieving EAL4 would be rather meaningless unless of
course you care what functions (Protection Profile) are certified.
Those of you who are familiar with CCC also know that CAPP is being
replaced and will then no longer be available as a Protection Profile
for evaluation.
Please forward me any and all comments or environmental requirements
for Common Criteria Certification for Mac OS X / Mac OS X Server
going forward.
-Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Computer - US Federal Government
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden