At 03:42 AM 02/01/2000 -0800, Craig Martin wrote: >Could someone possibly explain the difference between >a Firewall that is ITSEC rated and a F/W that is >not?...Am I correct in saying that Firewall-1 for >example is not ITSEC rated?...Seems strange. The substantive difference is whether or not the vendor paid money to an evaluation lab to do the evaluation, and the vendor had the patience and cash to see the thing through. The ITSEC evaluation says that the product met the requirements documented in its "Security Target" document. Firewall-1 has a version with an ITSEC rating, though I'm told this is not their standard, off-the-shelf product. The official party line in the security evaluations and ratings business is that the "Common Criteria" is supposed to replace ITSEC. The two are very similar, but the Common Criteria is recognized in multiple countries while ITSEC ratings are only officially recognized in the country that issued the rating. Firewall-1 also has a Common Criteria rating, but I'd check to see if it's for their standard product or not. Several other firewalls also have Common Criteria ratings. Rick. smithat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:00:00 PDT