What is ISO15408?

[Figure labels: Delivery, Production, Sales, Hardware, Software, Systems]

The ISO15408 certification system certifies that security functions have been reliably designed and implemented for the individual hardware and software systems of an enterprise. In addition to design and function, certification covers the entire lifecycle, including production, shipment, sales, installation and service. It is awarded as the result of inspection (evaluation) by a third-party examining authority. The common yardstick currently used as the standard of evaluation is ISO15408. Thanks to this standard, it is possible to carry out a systematic evaluation of the security levels of information technology products from a variety of standpoints.

What are Common Criteria?


The Common Criteria represents the outcome of efforts to develop criteria for evaluation of IT security that are widely useful within the international community. It is an alignment and development of a number of source criteria: the existing European, US and Canadian criteria (ITSEC, TCSEC and CTCPEC respectively). The Common Criteria resolves the conceptual and technical differences between the source criteria. It is a contribution to the development of an international standard, and opens the way to worldwide mutual recognition of evaluation results.

Version 1.0 of the CC was published for comment in January 1996. Version 2.0 takes account of extensive review and trials during the past two years and was published in May 1998.

Version 2.0 has been adopted by the International Organisation for Standards (ISO) as a Final Committee Draft (FCD) and is expected to become an International Standard (ISO15408) in 1999.
(* The above is quoted from the CC brochure sponsored by CESG in the UK and NIST in the USA.)

CC has been formally recognised as ISO15408 since 1999. Acceptance by ISO will ensure that the CC rapidly becomes the world standard for security specifications and evaluations.


National Standards Prior to Creation of CC
USA: TCSEC
Canada: CTCPEC
Europe: ITSEC

ISO15408 Certification

Ricoh has obtained ISO15408 certification for the optional Ricoh DataOverwriteSecurity System (DOSS). This certification means that the security features provided by the DOSS have been determined by ISO to be correctly implemented and to provide adequate protection against the threats for which they are intended.

[ Seven-Step Evaluation Assurance Levels (EAL) ]
The higher the number of the level, the stricter the evaluation. Generally speaking, EAL1-4 are aimed at commercial products, while EAL5 or higher are said to be for military uses.



Copyright (C) 2000-2006 Ricoh Co., Ltd. All Rights Reserved.