Newstaff, Inc. Information Security Services ITSEC Assurance Levels

The Information Technology Security Evaluation Criteria (ITSEC) is a UK scheme in which security features of IT systems and products are tested independently of suppliers to identify logical vulnerabilities. It combined and harmonised the national criteria produced by the United Kingdom, Germany, France and the Netherlands after the publication of the TCSEC criteria in the United States.

The ITSEC defines the following security levels:

E0 Inadequate Assurance.

E1 A security target and informal architectural design must be produced. User /Admin documentation gives guidance on Target of Evaluation (TOE) security. Security enforcing functions are tested by evaluator or developer. TOE to be uniquely identified and to have Delivery, Configuration, Start-up and Operational documentation. Secure Distribution methods to be utilised.

E2 An informal detailed design, and test documentation must be produced. Architecture shows the separation of the TOE into security enforcing and other components. Penetration testing searches for errors. Configuration control and developer's security is assessed. Audit trail output is required during start up and operation.

E3 Source code or hardware drawings to be produced. Correspondence must be shown between source code and detailed design. Acceptance procedures must be used. Implementation languages should be to recognised standards. Retesting must occur after the correction of errors.

E4 Formal model of security and semi-formal specification of security enforcing functions, architecture and detailed design to be produced. Testing must be shown to be sufficient. TOE and tools are under configuration control with changes audited, compiler options documented. TOE to retain security on re-start after failure.

E5 Architectural design explains the inter-relationship between security enforcing components. Information on integration process and run time libraries to be produced. Configuration control independent of developer. Identification of configured items as security enforcing or security relevant, with support for variable relationships between them.

E6 Formal description of architecture and security enforcing functions to be produced. Correspondence shown from formal specification of security enforcing functions through to source code and tests. Different TOE configurations defined in terms of the formal architectural design. All tools subject to configuration control.

Contact Us for a proposal!