The Secure Computer Standard is a document published by the Secure IT Foundation to give computer manufacturers and computer sellers guidance on the steps they should take to provide a computer that is ‘secure out the box’.
The latest update and all older versions can be found on the documents page.
The Standard itself has been developed from the many years of computer security experience of the Secure IT Foundation volunteers, combined with multiple sources of enterprise and government security guides and standards, e.g. NIST, Information Security Forum, CESG, Microsoft, SUN, IBM, HP, APACS, FBI, etc.
Computer Security Rating scheme
To accompany the Standard, we have developed a sample computer security rating scheme so that consumers are able to choose wisely when they buy a new computer.
For large companies there are legal and regulatory standards to be met, which the IT security industry supports. Payment data, PIN codes, passwords, medical data and personal data must all be secured to a standard, but the ordinary user has no simple computer standards to apply. Instead of the extensive manuals used by big organisations, which document what must be done to make a computer secure, the ordinary home user gets basic or poor information scattered about the Internet, mostly written in an alien language.
This has been likened to a new car purchaser being given a box of parts and told to put them together to make his new car secure and safe. What the Secure IT Foundation has identified is the need for consumers to be empowered to make a choice based on a security rating. Home computer users can use the Internet to see what safety rating their car has without understanding the crash testing process, but the same people are expected to be experts in computer security.
Our suggested computer security rating scheme is based on a five-level security model:
Would you buy a computer if you knew it had the lowest rating when there was a similar box with a higher security rating for the same price? That is the goal of the Secure IT Foundation: to give everyone the opportunity to make an informed choice when they buy their next computer. Buying a computer is a complex purchase that can have major consequences for people’s lives on the Internet and in real life; security should not be part of the complexity.