CC Part 3 and the CEM Security Assurance and Evaluation Methodology. Su-en Yek Australasian CC Scheme
|
|
|
- Maud Mason
- 5 years ago
- Views:
Transcription
1 CC Part 3 and the CEM Security Assurance and Evaluation Methodology Su-en Yek Australasian CC Scheme
2 What This Tutorial Is An explanation of where Security Assurance Requirements fit in the CC evaluation paradigm A tutorial about Security Assurance Requirements and the CC Evaluation Methodology that you won t read about in CC part 3 or the CEM
3 What This Tutorial Will Not Focus On Identifying each Assurance Class, Family, Component and Element Explaining Assurance Classes in each Evaluation Assurance Level (EAL) Discussing how Evaluation Facilities, Certifying Bodies and the Common Criteria Recognition Arrangement (CCRA) interpret or apply Assurance Requirements
4 Definitions CC Common Criteria CEM Common Methodology for Information Security Evaluation, aka CC Evaluation Methodology EAL Evaluation Assurance Level SAR Security Assurance Requirement SFR Security Functional Requirement ST Security Target TOE Target of Evaluation TSF TOE Security Features
5 Order of Discussion 1. What is the CEM. What the CEM is not! 2. CC Evaluation Paradigm
6 What is CC Evaluation Methodology To evaluate is to collect, process and analyse information to determine a result Method is the defined as the way something is conducted Evaluation Method is the way information is collected, processed and analysed to determine a result
7 What is CC Evaluation Methodology Methodology defines the underlying beliefs and reasons for the way we do something Evaluation methodology defines the underlying beliefs and reasons for the way we conduct evaluations The CEM does NOT define the underlying methodology for conducting CC evaluations Evaluators define the underlying methodology in their conduct of CC evaluations
8 What is CC Evaluation Methodology The CC and the CEM provides a FRAMEWORK for Evaluators to conduct IT security evaluations using their chosen methodology The CC and CEM framework is designed to be hardware and software agnostic The CEM provides structured guidance on the methods Evaluators should adopt for evaluating The methodology lies in WHY the Evaluator chose the methods they used
9 Common Criteria Evaluation Paradigm Security Target (ST) EAL X TOE Objectives SFRs Statement of TOE Security Functionality SARs Understand the TOE and SFRs enforced on the TOE SARs TOE testing to ensure no SFR compromise or bypass GOAL Gain assurance the SFRs enforced on the TOE are an accurate reflection of the ST and cannot be compromised or bypassed according to the attack potential associated with the EAL
10 Defining Functions and Assurance FUNCTIONS - SFRs A mechanism that either exists or does not exist ASSURANCE - SARs a level of confidence that can be gained
11 Defining SFRs and SARs in CC Context Security Functional Requirements are stated for an Evaluator to identify what mechanisms exist in the TOE Security Assurance Requirements are provided for an Evaluator to gain a level of confidence that the SFR is accurately enforced on the TOE and confidence that the SFR cannot be compromised or bypassed
12 Expanding on SARs SARs are evidence-based requisites SARs are documents eg. TOE design, processes eg. flaw remediation process, and actions eg. testing and vulnerability analysis The Developer provides evidence to the Evaluator for the Evaluator to understand the TOE and its security features to determine that the SFR is enforced accurately and that the SFR may not be compromised or bypassed
13 How Much Evaluation is Required on the Evidence? SAR evaluation relies on multiple evaluation methods The depth and rigour of SAR evaluation is determined by the EAL and subsequent attack potential of that EAL EAL 1-7 is a scale of increasing assurance gained that SFR compromise and bypass cannot occur at increasing levels of attack potential (expertise, resources, motivation)
14 Assurance Package EAL 1 Assurance Class ADV: Development AGD: Guidance documents ALC: Life-cycle support ASE: Security Target evaluation ATE: Tests AVA: Vulnerability assessment Assurance Component ADV_FSP.1 Basic functional specification AGD_OPE.1 Operational user guidance AGD_PRE.1 Preparative procedures ALC_CMC.1 Labelling of the TOE ALC_CMS.1 TOE CM coverage ASE_CCL.1 Conformance claim ASE_ECD.1 Extended components definition ASE_INT.1 ST introduction ASE_OBJ.1 Security objectives for the operational environment ASE_REQ.1 Stated security requirements ASE_TSS.1 TOE summary specification ATE_IND.1 Independent testing AVA_VAN.1 Vulnerability survey
15 Assurance Classes Understanding the TOE and security features ASE Security Target AGD Guidance Documents ADV Development Determine that SFRs are enforced accurately and may not be compromised or bypassed ATE Testing AVA Vulnerability Assessment
16 Assurance Classes What about Life-cycle support (ALC) and Composition (ACO)? ALC supports Certification Continuity Life-cycle support is aimed at providing evidence on the Developer s development, production and delivery processes ACO supports the integration of multiple evaluated TOEs Composition is aimed at the Developer providing evidence on composite relationships
17 What does Assurance and the CEM Provide? Strengths Hardware and software agnostic evaluation criteria Standardised certification result which enables mutual recognition Weaknesses Disproportion of effort among assurance class and requirement evaluation criteria EAL scale of attack potential is not commensurate to the current IT security threat environment
18 What s The Way Forward? CC v 4 CC Working Groups Concentrate on improving and developing evaluations that suit Developer, Consumer, Evaluator and Certifier needs Timeliness Usability Benefit
19 The CC Paradigm in Context The CC is an IT security evaluation criteria The Certifying Body (CB) ensures competence, impartiality and consistency is applied in CC evaluations by evaluation facilities The CC Recognition Agreement (CCRA) management bodies ensures harmony among CC schemes and mutual recognition
20 Common Criteria Evaluation Paradigm Security Target (ST) EAL X TOE Objectives SFRs Statement of TOE Security Functionality SARs Understand the TOE and SFRs enforced on the TOE SARs TOE testing to ensure no SFR compromise or bypass Understanding the CC Evaluation Paradigm enables you to apply the criteria and identify the problems for improvement
21
Smart TV Security Solution V2.0 for Samsung Knox. Certification Report
KECS-CR-17-82 Smart TV Security Solution V2.0 for Samsung Knox Certification Report Certification No.: KECS-CISS-0846-2017 2017. 12. 27 IT Security Certification Center History of Creation and Revision
Certification Report Arbit Data Diode 2.0
Ärendetyp: 6 Diarienummer: 15FMV10190-35:1 Dokument ID CSEC-37-1072 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2016-10-13 Country of origin: Sweden Försvarets materielverk Swedish Certification
Smart TV Security Solution V3.0 for Samsung Knox. Certification Report
KECS-CR-18-54 Smart TV Security Solution V3.0 for Samsung Knox Certification Report Certification No.: KECS-CISS-0903-2018 2018. 11. 8 IT Security Certification Center History of Creation and Revision
FED 5. Certification Report
KECS-CR-18-09 FED 5 Certification Report Certification No.: KECS-CISS-0858-2018 2018. 3. 27. IT Security Certification Center Certification Report Page 1 No. Date History of Creation and Revision Revised
Mobiledesk VPN v1.0 Certification Report
KECS-CR-11-64 Mobiledesk VPN v1.0 Certification Report Certification No.: KECS-NISS-0356-2011 2011. 12. 29 IT Security Certification Center History of Creation and Revision No. Date Revised Pages 00 2011.12.29
SERTIT-014 CR Certification Report
Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security SERTIT-014 CR Certification Report Issue 1.0 Fort Fox Hardware Data Diode FFHDD2 CERTIFICATION REPORT - SERTIT
BSI-CC-PP for. Biometric Verification Mechanisms Protection Profile Version 1.3. from. Bundesamt für Sicherheit in der Informationstechnik
for Biometric Verification Mechanisms Protection Profile Version 1.3 from Bundesamt für Sicherheit in der Informationstechnik BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63,
Protection Profile for Connected Diabetes Devices (CDD PP) Extended Package: Moderate
1 2 3 Protection Profile for Connected Diabetes Devices (CDD PP) Extended Package: Moderate 4 5 6 DTSec CDD PP EP Moderate 1.0 - May 22, 2018 Page 1 of 14 7 8 9 10 11 12 13 Acknowledgements This EP was
AhnLab TrusGuard V2.2 Certification Report
KECS-CR-13-28 AhnLab TrusGuard V2.2 Certification Report Certification No.: KECS-NISS-0459-2013 2013. 8. 12 IT Security Certification Center History of Creation and Revision No. Date Revised Pages 00 2013.8.12
BSI-CC-PP for. Remote-Controlled Browsers Systems (ReCoBS) Version 1.0. from. Bundesamt für Sicherheit in der Informationstechnik
BSI-CC-PP-0040-2008 for Remote-Controlled Browsers Systems (ReCoBS) Version 1.0 from Bundesamt für Sicherheit in der Informationstechnik BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach
BSI-CC-PP for. Portable Storage Media Protection Profile (PSMPP), Version 1.0. from. Federal Office for Information Security
BSI-CC-PP-0081-2012 for Portable Storage Media Protection Profile (PSMPP), Version 1.0 from Federal Office for Information Security Federal Office for Information Security (BSI), Postfach 20 03 63, 53133
BSI-CC-PP for. Common Criteria Protection Profile Electronic Identity Card (ID_Card PP), Version from
BSI-CC-PP-0061-2009 for Common Criteria Protection Profile Electronic Identity Card (ID_Card PP), Version 1.03 from Bundesamt für Sicherheit in der Informationstechnik BSI - Bundesamt für Sicherheit in
CERTIFICATION REPORT
REF: 2015-32-INF-1640 v1 Target: Expediente Date: 26.05.2016 Created by: CERT10 Revised by: CALIDAD Approved by: TECNICO CERTIFICATION REPORT File: 2015-32 CCN-TP-PP Applicant: Centro Criptológico Nacional
TÜBİTAK BİLGEM UEKAE UKİS
Certification Report EAL 4+ (AVA_VAN.5) Evaluation of TÜBİTAK BİLGEM UEKAE UKİS v2.2.8h issued by Turkish Standards Institution Common Criteria Certification Scheme Certificate Number: 21.0.03/TSE-CCCS-34
Security Target FORT FOX HARDWARE DATA DIODE. Common Criteria FFHDD EAL7+ Classification PUBLIC
FORT FOX HARDWARE DATA DIODE Security Target Common Criteria FFHDD EAL7+ Classification PUBLIC Component: ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.2 Project no./ref. no.
CERTIFICATION REPORT
REF: 2016-46-INF-2342 v1 Target: Público Date: 24.04.2018 Created by: CERT11 Revised by: CALIDAD Approved by: TECNICO CERTIFICATION REPORT File: 2016-46 Dell EMC VxRail Appliance Applicant: Dell Technologies,
BSI-CC-PP for. Common Criteria Protection Profile Digital Tachograph - Smart Card (Tachograph Card), Version from
BSI-CC-PP-0070-2011 for Common Criteria Protection Profile Digital Tachograph - Smart Card (Tachograph Card), Version 1.02 from Bundesamt für Sicherheit in der Informationstechnik Federal Office for Information
BSI-CC-PP-0053-V for. Security Module Card Type B (PP-SMC-B), Version 1.2. developed on behalf of the. Federal Ministry of Health, Germany
BSI-CC-PP-0053-V2-2009 for Security Module Card Type B (PP-SMC-B), Version 1.2 developed on behalf of the Federal Ministry of Health, Germany BSI - Bundesamt für Sicherheit in der Informationstechnik,
Samsung Multifunction ProXpress M4580, M4583 Series Certification Report
KECS-CR-15-06 Samsung Multifunction ProXpress M4580, M4583 Series Certification Report Certification No.: KECS-CISS-0578-2015 2015. 1. 20 IT Security Certification Center Certification Report Page 1 No.
BSI-CC-PP for. Machine-Readable Electronic Documents based on BSI TR for Official Use (MR.ED-PP), Version 1.01.
BSI-CC-PP-0087-2015 for Machine-Readable Electronic Documents based on BSI TR-03110 for Official Use (MR.ED-PP), Version 1.01 from Federal Office for Information Security (BSI) Federal Office for Information
ASSURANCE CONTINUITY: CCRA REQUIREMENTS
ASSURANCE CONTINUITY: CCRA REQUIREMENTS VERSION 2.1 JUNE 2012 1 INTRODUCTION...3 1.1 SCOPE...3 1.2 APPROACH...3 1.3 CONTENTS...3 2 TECHNICAL CONCEPTS...4 2.1 ASSURANCE CONTINUITY PURPOSE...4 2.2 TERMINOLOGY...4
Certification Report Färist 4
Ärendetyp: 6 Diarienummer: 13FMV5047-44:1 Dokument ID FMVID-297-738 Öppen enligt Offentlighets- och sekretesslagen (2009:400) 2015-06-17 Country of origin: Sweden Försvarets materielverk Issue: 1.0, 2015-jun-17
Market Central, Inc. Security Target
SecureSwitch Fiber Optic Switch Models: 1:1, 2:1, 3:1, 4:1, 5:1, 6:1, 7:1 and 8:1 July 2016 Document prepared by Ark Infosec Labs Inc. www.arkinfosec.net Document History Version Date Author Description
Certification Report - Dencrypt Talk App
Template: Normal.dotm, 7.0 Ärendetyp: 6 Diarienummer: 16FMV11144-47:1 Dokument ID CSEC-37-1424 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2017-11-22 Country of origin: Sweden Försvarets
Common Criteria for Information Technology Security Evaluation. Part 3: Security Assurance Requirements. March Version 2.
Common Criteria for Information Technology Security Evaluation Part 3: Security Assurance Requirements March 2004 Version 2.4 Revision 256 ASE/APE Trial Use version CCIMB-2004-03-003 Foreword This version
SERTIT-086 CR Certification Report
Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security SERTIT-086 CR Certification Report Issue 1.0 THD88/M2064 Secure Microcontroller with CERTIFICATION REPORT -
National Information Assurance Partnership
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Protection Profile for IPsec Virtual Private Network (VPN) Clients, Version 1.1 Report Number:
TNO CERTIFICATION. NSCIB-CC Certification Report. Fort Fox Hardware Data Diode, version FFHDD2
TNO CERTIFICATION Laan van Westenenk 501 P.O. Box 541 7300 AM Apeldoorn The Netherlands Phone +31 55 5493468 Fax +31 55 5493288 E-mail: Certification@certi.tno.nl BTW/VAT NR NL8003.32.167.B01 Bank ING
This page is intentionally left blank
This page is intentionally left blank Page 2 of 25 OCSI/CERT/CCL/08/2018/RC Vers. 1.0 Ministero dello Sviluppo Economico Istituto Superiore delle Comunicazioni e delle Tecnologie dell'informazione Certification
Blancco File Eraser Security Target. For the Common Criteria Certification of Blancco File Eraser Version
Blancco File Eraser Security Target For the Common Criteria Certification of Blancco File Eraser Version 2.0 www.blancco.com Table of Content 1 Security Target Introduction... 3 1.1 ST Reference... 3 1.2
Module 6: Network and Information Security and Privacy. Session 3: Information Security Methodology. Presenter: Freddy Tan
Module 6: Network and Information Security and Privacy Session 3: Information Security Methodology Presenter: Freddy Tan Learning Objectives Understanding the administrative, physical, and technical aspects
CERTIFICATION REPORT
REF: 2013-20-INF-1591 v1 Target: Público Date: 13.04.2016 Created by: CERT11 Revised by: CALIDAD Approved by: TECNICO CERTIFICATION REPORT File: 2013-20 Huawei OceanStor Software Applicant: 440301192W
BSI-CC-PP for
BSI-CC-PP-0072-2012 for Protection profiles for secure signature creation device Part 5: Extension for device with key generation and trusted communication with signature creation application, Version
Certification Report - Dencrypt Server System 2.0
Template: Normal.dotm, 7.0 Ärendetyp: 6 Diarienummer: 16FMV12799-33:1 Dokument ID CSEC-37-1425 HEMLIG/RESTRICTED enligt Offentlighets- och sekretesslagen (2009:400) 2017-11-20 Country of origin: Sweden
Employee Express Security Module (EmplX Security Module) Security Target
Employee Express Security Module (EmplX Security Module) Security Target Common Criteria: EAL2 Version 1.0 09 AUG 11 Document management Document identification Document ID Document title Document date/version
SERTIT-091 CR Certification Report
Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security SERTIT-091 CR Certification Report Issue 1.0 Feitian FT-JCOS v1.0/0.106.13 running on Infineon M7892 B11 CERTIFICATION
SPass NX V1.0 on S3CT9KW/S3CT9KC/S3CT9K9 Certification Report
KECS-CR-12-38 SPass NX V1.0 on S3CT9KW/S3CT9KC/S3CT9K9 Certification Report Certification No.: KECS-ISIS-0394-2012 2012. 6. 15 IT Security Certification Center History of Creation and Revision No. Date
IT Security Evaluation : Common Criteria
AfriNIC-9 MEETING Mauritius 22-28 November 2008 IT Security Evaluation : Common Criteria Ministry of Communication Technologies National Digital Certification Agency Mounir Ferjani November 2008 afrinic
Certification Report - NetMotion Mobility 11.0
Ärendetyp: 6 Diarienummer: 15FMV6322-59:1 Dokument ID CSEC-37-1465 HEMLIG/RESTRICTED enligt Offentlighets- och sekretesslagen (2009:400) 2017-12-04 Country of origin: Sweden Försvarets materielverk Issue:
Courtesy Translation
PREMIER MINISTRE General Secretariat for Defence and National Security French Network and Information Security Agency Certification Report ANSSI-CC-PP-2010/02 (reference SFPMEI-CC-PP-SAM, version 1.5 dated
Courtesy Translation
PREMIER MINISTRE General Secretariat for Defence and National Security French Network and Information Security Agency Certification Report ANSSI-CC-PP-2010/01 (reference SFPMEI-CC-PP-EP, version 1.5 dated
BSI-DSZ-CC for. Tivoli Security Policy Manager, Version 7.1. from. IBM Corporation
BSI-DSZ-CC-0839-2013 for Tivoli Security Policy Manager, Version 7.1 from IBM Corporation BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63, D-53133 Bonn Phone +49 (0)228 99
Courtesy Translation
PREMIER MINISTRE Secretariat General for National Defence Central Directorate for Information Systems Security Certification Report DCSSI-2009/16 OpenTrust PKI software, version 4.3.4 Paris,7 th of July
Smart TV Security Solution V2.0. for Samsung Knox. Security Target V1.4
Smart TV Security Solution V2.0 for Samsung Knox Security Target V1.4 SAMSUNG ELECTRONICS CO., Ltd. Document History VERSION DESCRIPTION OF CHANGE DATE 1.0 Initial version 2017. 08. 31 1.1 Change TOE Title
SERTIT-050 CR Certification Report
Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security SERTIT-050 CR Certification Report Issue 1.0 Thinklogical VX320 Video Router KVM Matrix Switch CERTIFICATION
Samsung Smart TV Security. Solution GAIA V1.0. Security Target V1.5
Samsung Smart TV Security Solution GAIA V1.0 Security Target V1.5 SAMSUNG ELECTRONICS CO., Ltd. Document History VERSION DESCRIPTION OF CHANGE DATE 1.0 Initial version 2015. 09. 04 1.1 TOE Scope Change
MecWise HR 3.1 (R1) (MecWise ehuman Resource) Security Target
MecWise HR 3.1 (R1) (MecWise ehuman Resource) Security Target Version 1.11 Date: 4 th September, 2010 Document Information This section describes the Security Target document history, briefly describes
Certification Report
Certification Report EAL 2+ Evaluation of EMC Celerra Network Server Version 5.5 running on EMC Celerra NSX and EMC Celerra NS series Issued by: Communications Security Establishment Certification Body
Courtesy Translation
PREMIER MINISTRE Secrétariat général de la défense et de la sécurité nationale Agence nationale de la sécurité des systèmes d information Certification Report ANSSI-CC-2012/18 Java Card Virtual Machine
MQAssure TM NetSignOn Secure Desktop Login
MQAssure TM NetSignOn Secure Desktop Login EAL 1 Security Target Version 1.7 Date: 08 February 2012 MAGNAQUEST SOLUTIONS SDN. BHD. Document History Version No. Date Revision Description 1.0 31 July 2010
Brocade MLXe and NetIron Family Devices with Multi-Service IronWare R
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report Brocade Communications Systems, Inc. Brocade MLXe and NetIron Family Devices with Multi-Service
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report Collaborative Protection Profile for Full Drive Encryption Authorization Acquisition, Version
CERTIFICATION REPORT
REF: 2017-49-INF-2218 v1 Target: Expediente Date: 21.02.2018 CERTIFICATION REPORT Created by: CERT10 Revised by: CALIDAD Approved by: TECNICO File: 2017-49 Windows 10: build 10.0.15063 (a.k.a. 1703) (Creators
084 Sponsors and Developers Guide to the Evaluation and Certification
Ärendetyp: 6 Diarienummer: 17FMV9080-8:1 Dokument ID SP-084 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2017-11-01 Country of origin: Sweden Försvarets materielverk Swedish Certification
Certification Report
Certification Report Standard Edition v2.8.2 RELEASE Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
Germany and The Netherlands Certification of cryptographic modules
Germany and The Netherlands Certification of cryptographic modules Leo Kool (Msc), Brightsight 18 May 2016, kool@brightsight.com Outline CC and Schemes Evaluation Process and Reporting forms (NSCIB, BSI)
TASKalfa 3050ci, TASKalfa 3550ci, TASKalfa 4550ci, TASKalfa 5550ci Data Security Kit (E) Japan Version Security Target Version 0.
TASKalfa 3050ci, TASKalfa 3550ci, TASKalfa 4550ci, TASKalfa 5550ci Data Security Kit (E) Japan Version Security Target Version 0.70 This document is a translation of the evaluated and certified security
Application Notes and Interpretation of the Scheme (AIS)
Application Notes and Interpretation of the Scheme (AIS) AIS 34, Version 3 Date: 03.09.2009 Status: Subject: Publisher: Effective Evaluation Methodology for CC Assurance Classes for EAL5+ (CC v2.3 & v3.1)
CERTIFICATION REPORT
REF: 2018-4-INF-2341 v3 Target: Público Date: 20.07.2018 Created by: CERT10 Revised by: CALIDAD Approved by: TECNICO CERTIFICATION REPORT File: 2018-4 Windows 10: build 10.0.16299 (also known as version
Certification Report
Certification Report EAL 2+ Evaluation of McAfee Enterprise Mobility Management 9.7 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
BSI-DSZ-CC for. JBoss Enterprise Application Platform Version 4.3 CP03. from. Red Hat
BSI-DSZ-CC-0531-2009 for JBoss Enterprise Application Platform Version 4.3 CP03 from Red Hat BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63, D-53133 Bonn Phone +49 (0)228
ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Methodology for IT security evaluation
INTERNATIONAL STANDARD ISO/IEC 18045 First edition 2005-10-01 Information technology Security techniques Methodology for IT security evaluation Technologies de l'information Techniques de sécurité Méthodologie
Certification Report Sony Xperia X and Sony Xperia X Performance
Ärendetyp: 6 Diarienummer: 16FMV2071-42:1 Dokument ID HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2016-12-05 Country of origin: Sweden Försvarets materielverk Swedish Certification Body
BSI-DSZ-CC For. Oracle Database 11g Release 2 Standard Edition and Standard Edition 1. from. Oracle Corporation
BSI-DSZ-CC-0765-2012 For Oracle Database 11g Release 2 Standard Edition and Standard Edition 1 from Oracle Corporation BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63, D-53133
CERTIFICATION REPORT
REF: 2016-40-INF-2019 v3 Target: Expediente Date: 07.09.2017 Created by: CERT9 Revised by: CALIDAD Approved by: TECNICO CERTIFICATION REPORT File: 2016-40 Huawei Eudemon 8000E-X V300R001C01SPC300B113 Applicant:
Dell EMC NetWorker 9.1
Dell EMC NetWorker 9.1 Evaluation Assurance Level (EAL): EAL2+ Doc No: 1986-000-D102 Version: 1.2 10 July 2017 EMC Corporation 176 South Street Hopkinton, MA, USA 01748 Prepared by: EWA-Canada 1223 Michael
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Innovation Data Processing FDRERASE Version 5.4, Level 50 Report Number: CCEVS-VR-05-0109
ATEN/IOGear Secure KVM Switch Series Security Target
ATEN/IOGear Secure KVM Switch Series Security Target File Name: ATEN&IOGear Secure KVM Switch Series Security Target.DOC Version: 1.5.1 Date: 2011/06/28 Author: ATEN Contents 1 ST Introduction... 2 1.1
BSI-DSZ-CC for. SLS 32TLC100(M) CIPURSE Security Controller v from. Infineon Technologies AG
BSI-DSZ-CC-0944-2014 for SLS 32TLC100(M) CIPURSE Security Controller v1.00.00 from Infineon Technologies AG BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63, D-53133 Bonn Phone
TASKalfa 3500i, TASKalfa 4500i, TASKalfa 5500i Data Security Kit (E) Overseas Version Security Target Version 0.80
TASKalfa 3500i, TASKalfa 4500i, TASKalfa 5500i Data Security Kit (E) Overseas Version Security Target Version 0.80 This document is a translation of the evaluated and certified security target written
Certification Report
Certification Report EAL 2+(ALC_FLR.1) Evaluation of Sisoft Sağlık Bilgi Sistemleri Ltd. Şti. (Sisoft Healthcare Information Systems) Sisoft WEBHBYS V2.0.0.3 issued by Turkish Standards Institution Common
Certification Report
Certification Report Owl DualDiode Communication Cards v7 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
BSI-CC-PP for. FIDO Universal Second Factor (U2F) Authenticator, Version 1.0. developed by. Federal Office for Information Security
for FIDO Universal Second Factor (U2F) Authenticator, Version 1.0 developed by Federal Office for Information Security Federal Office for Information Security (BSI), Postfach 20 03 63, 53133 Bonn, Germany
This page is intentionally left blank
This page is intentionally left blank Page 2 of 24 OCSI/CERT/SYS/09/2016/RC Vers. 1.0 Ministero dello Sviluppo Economico Istituto Superiore delle Comunicazioni e delle Tecnologie dell'informazione Certification
Certification Report
Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation
collaborative Protection Profile for Full Drive Encryption Authorization Acquisition
PP Reference: collaborative Protection Profile for Full Drive Encryption Authorization Acquisition collaborative Protection Profile for Full Drive Encryption Authorization Acquisition Version 0. Acknowledgements
Courtesy Translation
PREMIER MINISTRE Secretariat General for National Defence Central Directorate for Information Systems Security Certification Report DCSSI-2008/31 Paris, 16 th of September 2008 Courtesy Translation Certification
CERTIFICATION REPORT
REF: 2011-6-INF-1085 v1 Target: Expediente Date: 07.12.2012 Created by: CERT8 Revised by: CALIDAD Approved by: TECNICO File: 2011-6 VAG Applicant: 0860042250 ASELSAN INC. References: CERTIFICATION REPORT
Courtesy Translation
PREMIER MINISTRE General Secretariat for Defence and National Security French Network and Information Security Agency Certification Report ANSSI-CC-2010/21 CC IDeal Citiz SmartCard (on SB23YR48B), version
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme TM Validation Report for the Venafi Trust Protection Platform, Version 1.0 Report Number: CCEVS-VR-VID10800-2017
Certification Report
Certification Report Symantec Security Information Manager 4.8.1 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
This page is intentionally left blank
This page is intentionally left blank Page 2 of 26 OCSI/CERT/SYS/11/2016/RC Vers. 1.0 Ministero dello Sviluppo Economico Istituto Superiore delle Comunicazioni e delle Tecnologie dell'informazione Certification
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Blue Ridge Networks BorderGuard Centrally Managed Embedded PKI Virtual Private Network (VPN)
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report Vormetric Data Security Manager V6000, Version 5.3 Report Number: CCEVS-VR-VID10737-2016 Dated:
Certification Report
Certification Report EAL 2+ Evaluation of Netsight/Network Access Control v3.2.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
Common Criteria for Information Technology Security Evaluation. Part 3: Security assurance requirements. August Version 2.
Common Criteria for Information Technology Security Evaluation Part 3: Security assurance requirements August 1999 Version 2.1 CCIMB-99-033 Part 3: Security assurance requirements Foreword This version
Certification Report
Certification Report Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report for Thycotic Secret Server Government Edition v10.1 Report Number: CCEVS-VR-VID10953 Dated:
Protection Profile for Server Virtualization
Protection Profile for Server Virtualization 14 September 2015 Version 1.1 i 0 Preface 0.1 Objectives of Document This document presents the Common Criteria (CC) Protection Profile (PP) to express the
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report AlienVault USM for Government v4.12 and RT Logic CyberC4:Alert v4.12 Report Number: CCEVS-VR-VID10548
EMC VNXe1600 OE v3.1.3
EMC VNXe1600 OE v3.1.3 Evaluation Assurance Level (EAL): EAL2+ Doc No: 1950-000-D102 Version: 0.7 18 March 2016 EMC Corporation 176 South Street Hopkinton, MA, USA 01748 Prepared by: EWA-Canada 1223 Michael
RedCastle v3.0 for Asianux Server 3 Certification Report
KECS-CR-08-21 RedCastle v3.0 for Asianux Server 3 Certification Report Certification No.: KECS-CISS-0104-2008 April 2008 IT Security Certification Center National Intelligence Service This document is
CERTIFICATION REPORT
REF: 2012-32-INF-2355 v1 Target: Público Date: 09.05.2018 Created by: CERT10 Revised by: CALIDAD Approved by: TECNICO CERTIFICATION REPORT File: 2012-32 Aselsan STC-8250A v1.1 Applicant: 0860042250 Aselsan
DMT-CBS-CE3D3 Family (DMT-CBS-CE3D3/CC080/CC048) Dual interface smart card chip with HAL library, version 2.0
DMT-CBS-CE3D3 Family (DMT-CBS-CE3D3/CC080/CC048) Dual interface smart card chip with HAL library, version 2.0 Security Target Lite 13 December 2016 Version 0.3 1 DATANG DATANG MICROELECTRONICS MICROELECTRONICS
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report. for
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme TM Validation Report for Report Number: CCEVS-VR-VID10769-2017 Dated: May 31, 2017 Version: 1.0 National Institute
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report Protection Profile for IPsec Virtual Private Network (VPN) Clients, Version 1.4, October 21
Certification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
Certification Report
Certification Report EAL 2 Evaluation of Arbor Networks, Inc. Pravail APS 2100 Series Appliances Version 5.4 issued by Turkish Standards Institution Common Criteria Certification Scheme Rev. No : 00 Page
BSI-CC-PP for
for Protection Profile for the Security Module of a Smart Meter Mini-HSM (Mini-HSM Security Module PP) - Schutzprofil für das Sicherheitsmodul des Smart Meter Mini-HSM, V1.0 developed by Federal Office
Managing Product Configuration Complexity in CC Evaluations
Managing Product Configuration Complexity in CC Evaluations Dr. Karsten Klohs / 14th ICCC, Orlando, September 2013 / 0 / V1.02 Motivation: Tailoring Products for Customers Product AB Product A Gain ++