Proceedings of the Workshop of the Federal Criteria for Information Technology Security

The first draft of the Federal Criteria was made public in January 1993. Several thousand copies of the Federal Criteria were distributed and comments on this first draft were received between January and April of 1993. Over 20,000 comments were obtained from approximately 120 organizations. These organizations represented defense and civil government, producer and procurer, and North American and European concerns. The purpose of the Federal Criteria Workshop that was sponsored by the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) on June 2nd and 3rd of 1993 was to address these comments. All those who commented on the first draft were invited to attend. The workshop consisted of approximately 128 participants.

The workshop focused on specific problems that were identified in the comments but did not focus on a line-by-line review of the text First, global issues that transcended the various areas were identified in a plenary session. Then, the global issues, as well as issues from each of the separate areas (functional requirements, laotection profiles, protection profile creation, development assurance, evaluation assurance, CS protection profiles, LP protection profiles, and issues on international harmonization), were discussed in separate breakout sessions.

The purpose of this proceeding is to inform the Federal Criteria commentators and the workshop attendees of the outcome of the workshop. Also, this proceeding will be used as a blueprint for updating the Federal Criteria. This proceeding, and the revised portions of the draft Federal Criteria contents, will be the two principal NIST/NSA inputs to the CCEB. Preliminary plans for dealing with the Federal Criteria comments are included in this document, and all revisions will be performed under the direction of NIST and the NSA.