Frequently Asked Questions
PitBull Foundation and Foundation Suite

What is ITSEC?

The UK Information Technology Security and Evaluation Criteria (ITSEC) scheme is a joint venture set up by the DTI and the British Government's Communications-Electronics Security Group (CESG) to evaluate the security features of IT products and systems and to certify the level of assurance which can be placed on them based on the Information Technology Security Evaluation Criteria (ITSEC). Since 1990, the ITSEC scheme has been used to certify products for use in both the Government and commercial organizations.

What is an ITSEC evaluation and certification?

Argus' products have been certified to meet strict internationally recognized security criteria. This certification process, known as the Information Technology Security Evaluation Criteria (ITSEC), involves not only design and engineering methodology reviews, but also intensive penetration testing. ITSEC certification serves as an independent validation of security functionality, design and workmanship of products. Typical ITSEC evaluations involve several years of testing and verification before their successful completion.

What benefits does the ITSEC evaluation bring to users?

Users can take advantage of the ITSEC evaluation as part of creating a more formal IT policy. By making sure they buy products which have been certified under the scheme, they have the assurance that security features are correctly implemented and that areas of vulnerability have been identified and removed.

The ITSEC evaluation is comprehensive because it provides an umbrella for determining standards and procedures for evaluation. ITSEC is now an international standard recognized throughout Europe and beyond. France, Germany and the Netherlands, as well as the UK, cooperated in establishing criteria under the ITSEC banner.

For these reasons, an increasing number of vendors have been turning to the ITSEC certification program as an essential third-party endorsement of their products, such as operating systems, access control devices, networking products, databases, and communication and encryption devices.

Most importantly of all, by purchasing ITSEC certified products, users can be confident that the product they have bought has been tested against a predetermined standard.

  • The ITSEC certification process identifies an average of 7 faults in every piece of software it checks, faults which would otherwise have gone undetected. By buying an ITSEC certified product, users will know instantly that the product's claims about its security features are valid, that it has been tested against an internationally recognized standard and that the vendor has taken the trouble to seek independent evaluation.
  • ITSEC certification means a better product at no extra cost. Evidence shows that ITSEC certified products are no more expensive to buy than equivalent uncertified software. They do, however, save businesses the time, trouble and expense of conducting their own investigation or internal assessments.
  • On top of this, the ITSEC evaluation helps unite procedural and product security. Businesses need only to write into their purchasing practices the demand that vendors' products be ITSEC certified to have the peace of mind of knowing they can rely on the security features of a required product.

Why should I bother to purchase ITSEC certified products?

When you purchase an ITSEC certified product you will know instantly that the claims about its security features are valid, that it has been tested against an international standard and that the vendor has taken the trouble to seek independent evaluation. There is no additional cost to you for the ITSEC assurance, but you can gain peace of mind in the knowledge that your company's security needs have been addressed.

Won't buying ITSEC certified products cost me more?

No. Evidence shows that ITSEC certified products are no more expensive to buy than equivalent uncertified software. They do however save businesses the time, trouble, and expense of conducting their own evaluations.

How does an ITSEC certificate guarantee security?

An ITSEC certificate is a guarantee that the product has met a Security Target which has specific security objectives, based on possible security threats and the environments in which it is intended to operate. The scheme's hierarchical levels of assurance allow you to match your requirements against manufacturers' claims which have been independently tested and verified.

How can I find out whether the product I want to buy is certified?

A full list of ITSEC certified products is available from the Certification Body. However, if the manufacturer has gone to the trouble of gaining an ITSEC certificate, he or she is likely to tell you.

What Argus products have been ITSEC certified?

PitBull Foundation has received four ITSEC certifications, all in the UK. F-B1/E3 and F-C2/E3 certificates were received under Operating Systems in 1996 and under Communications in 1999, for a later release of the same product.

How can I request that a manufacturer seeks an ITSEC certificate?

Tell them that certification is part of your purchasing requirements. They can find out further details by contacting the Certification Body.

How can I find out more?

  • BS 7799 is published by the British Standards Institution.
  • The Computer Assurance Guidelines are published by DTI Telecommunications Division.
  • ITSEC scheme publications are available from the Certification Body.

Innovative Security Systems, Inc | dba Argus Systems Group. Copyright © 2008 Innovative Security Systems Inc.