information technology security evaluation criteria (ITSEC)
The Information Technology Security Evaluation Criteria (ITSEC) are European security standards used to evaluate and certify the security ofIT systems. It is a technically oriented, product-related security guideline.
ITSEC has evolved from various European security guidelines, the UK Confidence Levels, German Criteria, French Criteria and the USOrange Book Trusted Computer Security Evaluation Criteria( TCSEC). The criteria are summarized in a catalog and are only valid for the European area.
The trust in ITSEC security levels are divided into so-called evolution levels. There are levels E0, reflecting insufficient trust, to E6 for highest trust. The higher the evolution level, the more expert the intruders. Evaluation involves testing and assessing the security properties of an IT product against the established security criteria.
The further development of the ITSEC is the Common Criteria for Information Technology Security Evaluation.
The ITSEC, which was adopted by the EU Commission in 1991 and is applied by the German Federal Office for Information Security( BSI), is the European counterpart to the American TCSEC. The Common Criteria( CC) were developed from both.