Requirements Management by the Numbers Applying Common Criteria beyond the INFOSEC Arena

摘要

The security function has taken on a dramaticallyrnincreased importance around the world with thernevents in New York and Washington in Septemberrn2001. As we search for ways to address the alteredrnrealities of today’s society, the tendency is to creatern“different” or “unique” approaches to currentrnproblems. In the information security (orrnINFOSEC) realm, Common Criteria (CC) (ISOrn15408) documents an international approach tornformulating information security requirements. ThernCC structured methodology is discussed to show itsrnpotential application to other Systems Engineeringrnapplications. This provides a means to developrnconsistent and coherent requirement sets. The CCrnhas also established a set of domain specific terms.rnThis paper analyzes the CC terminology to showrnthat CC utilizes the same guiding principles andrnprogram milestones as other Systems Engineeringrndisciplines. In the process, we provide a mapping ofrnthe CC terminology to that commonly used in nonsecurityrnSystems Engineering domains.