The International Atomic Energy Agency (IAEA) plans to use the Common Criteria, as the tool for developing graded and measurable evaluation criteria for information technology (IT) in safeguards systems in facilities subject to IAEA inspection. In their draft paper [ITSECSES] the IAEA defines a three-tiered Vulnerability Assessment Level (VAL) scheme. Each increased VAL level (1-3) defines additional and more stringent security and security-related requirements for the system developer, the system evaluator (assessor or authenticator), and for the IAEA. When all parties meet all requirements for a particular VAL level, IAEA has a measurable degree of confidence in the secure and proper operation of an IT system.
Revised: June 28, 2006 |
Published: December 6, 2001