Ask the Expert

What is C2 certification and what does it mean?

In response to another Ask the Expert response I just saw on the site, what is C2 certification? What does it mean?
The C2 certification is one level in the Trusted Computer System Evaluation Criteria (the orange book), one of a series of guides on computer security. The TCSEC described levels of security for computing devices. The thought was that with these levels, these devices could be tested, and the classifications used to help people (primarily the government and government contractors) in their purchasing decision. The levels were often written into purchasing specifications. Each level specifies areas that must be met in order to qualify, and vendors submit their equipment to third parties for testing against the criteria -? which takes time. To configure Windows NT 4.0 to meet the C2 criteria, you can use the checklist published here.

TCSEC was developed in the 1980?s in the U.S. One European criteria, Information Technology Security Evaluation Criteria (ITSEC), was developed in the 1990?s. More recently, a newer, international certification ?Common Criteria? seeks to make one evaluation system that all countries can follow. Common Criteria has replaced TCSCEC, and all current product evaluations are taking place at these levels, not at the older C2 level. You can read a short description of this process as it concerns Windows 2000 here and get into the details of Common Criteria at www.commoncriteria.org.

The older TCSEC certifications are still valuable. But, either way, it is important to remember that all the certiications say is that a certain system is certified if configured as it was for the test. It's up to you to determine what that means, and if it will be relevant in your situation, and not just listen to the vendor claims.

This was first published in July 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: