Specific identified methods are specified to implement
protection in the hope that they have been well studied and there is a
community investment in their use. Examples include the use of X.509
certificates for interoperable key-managed encrypted data transport, Orange
book B1 approved systems for increased operating system security assurance,
and ISO-9000 processes for high-quality industrial-grade quality assurance.
Complexity: Standards tend to reduce the complexity of meeting assurance
requirements by structuring them and sharing the work. They also tend to
make interoperability easier to attain.
fc@red.a.net