TCSEC was developed in the 1980?s in the U.S. One European criteria, Information Technology Security Evaluation Criteria (ITSEC), was developed in the 1990?s. More recently, a newer, international certification ?Common Criteria? seeks to make one evaluation system that all countries can follow. Common Criteria has replaced TCSCEC, and all current product evaluations are taking place at these levels, not at the older C2 level. You can read a short description of this process as it concerns Windows 2000 here and get into the details of Common Criteria at www.commoncriteria.org.
The older TCSEC certifications are still valuable. But, either way, it is important to remember that all the certiications say is that a certain system is certified if configured as it was for the test. It's up to you to determine what that means, and if it will be relevant in your situation, and not just listen to the vendor claims.
This was first published in July 2002