Page 248 - CISSO_Prep_ Guide
• ITSEC – European standard
• Functionality & Assurance
• Tests all three of A.I.C. triad
• Common Criteria (international) ISO 15408
• A Common Criteria (CC) lab will test a product against the MANUFACTURER’s specifications. If one firewall vendor says its product can do 1,000 transactions per second and it actually does 1,001, it will get a good evaluation on that point. However, if another vendor says its product can do 5,000 and it only does 4,500, it will fail.
• Establishes a framework for each industry through protection profiles (PP).
• Covers all three of A.I.C. triad.
• Uses evaluation assurance level (EAL).
• Security target: the protection profile (PP) that will be selected for testing a product.
• Target of Evaluation (TOE): the entity under testing.