Abstract: Security element evaluation is a key problem in information system security evaluation. However, the security elements defined in the national standard GB 17859 are abstract and hard to measure directly. Establishing an understandable and practicable evaluation method for security elements has become an urgent task in information system security evaluation. Based on the research and development of security evaluation tools, this paper introduces the factor-criteria-metrics-evidence (FCME) model used in the security element evaluation process and discusses the implementation of the model.
Key words:
Security evaluation; Factor-criteria-metrics-evidence model; Security element
YAN Qiang, SHU Huaying, CHEN Zhong, DUAN Yunsuo. An Information System Security Evaluation Method Based on FCME Model[J]. Computer Engineering, 2006, 32(2): 127-128, 134.