A Method of Information Security Evaluation Combining CC with SSE-CMM
CC与SSE-CMM结合的信息安全评估方法

The information security evaluation is an important part of information field. It is a general method to execute evaluation to the information security products under the instruction of Common Criteria (CC).A new method of information security evaluation, based on the combination of CC and Systems Security Engineering Capability Maturity Model CSSE-CMM) ,has been proposed in the paper. The basic idea of this method is using the reference of the security system engineer. Based on the experiment of a Target of Evaluation (TOE) in CC.the evaluation result of security assurance by this new method is proved to be more accurate, more comprehensive and more acceptable.