Mark’s manager has tasked him with researching an intrusion detection system for a new dispatching center.
Mark identifies the top five products and compares their ratings.
Which of the following is the evaluation criteria most in use today for these types of purposes?

A.
ITSEC

B.
Common Criteria

C.
Red Book

D.
Orange Book

Explanation:
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC)
is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1
revision 4. Common Criteria is a framework in which computer system users can specify their security
functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles
(PPs), vendors can then implement and/or make claims about the security attributes of their products, and
testing laboratories can evaluate the products to determine if they actually meet the claims. In other words,
Common Criteria provides assurance that the process of specification, implementation and evaluation of a
computer security product has been conducted in a rigorous and standard and repeatable manner at a level
that is commensurate with the target environment for use. Common Criteria is used as the basis for a
Government driven certification scheme and typically evaluations are conducted for the use of Federal
Government agencies and critical infrastructure.

http://en.wikipedia.org/wiki/Common_Criteria