Applying the Common Criteria to the Certification and; Accreditation of Department of Defense Unclassified Information Technology Systems

Perhaps the greatest challenge Information Technology (IT) professionals face today is providing evidence that the systems they develop are secure'. To provide this evidence, they must use a standardized process that will foster a high level of confidence in the security features of the IT system. This process must provide a means to quantify and measure the extent to which the security of the IT system has been evaluated and assessed. No matter what type of system is to be developed, there must be assurance that the data and data processing resources are protected and the security mechanisms will operate in the manner in which they were designed to operate. Besides being a good business practice, there are numerous laws and regulations, which define and explain why one must be concerned with the adequacy of IT security.