Building an Assurance Foundation for 21st Century Information Systems and Networks
The Role of IT Security Standards, Metrics, and Assessment Programs
Dr. Ron Ross
National Information Assurance Partnership

Agenda
- Introduction
- NIAP Mission and Functions
- Common Criteria Project
- Mutual Recognition Arrangement
- IT Systems and Networks
- Summary and Conclusions

Today's Climate
- Rapidly changing information technologies and compressed technology life cycles
- Growing complexity of IT products and systems
- Increasing connectivity among systems
- Dependence on commercial off-the-shelf IT products and systems
- Need for greater assurance in critical information infrastructures (both public and private sector)

Today's Challenge
- Consumers have access to an increasing number of security-enhanced IT products with different capabilities and limitations
- Consumers must decide which products provide an appropriate degree of protection for their information systems
- Impact: Choice of products affects the security of systems in the critical information infrastructure

Conceptual Life Cycle View
[Diagram: Enterprise IT System; Integrated Products; Applications; OS Components; Network Components. Life cycle: Design - Develop - Deploy - Operate - Maintain]

The Fundamentals
Building more secure systems depends on the use of:
- Well defined IT security requirements and security specifications
  - describing what types of security features we want
- Quality security metrics and appropriate testing, evaluation, and assessment procedures
  - providing assurance we received what we asked for

What Is Needed?
- Producers of IT products need to have a better understanding of consumer's information security requirements
- Consumers of IT products, systems, and networks need to have better ways to:
  - specify desired security features and assurances
  - assess the security claims made by producers

Part I: National Information Assurance Partnership

Introducing NIAP
- The National Information Assurance Partnership (NIAP) is a U.S. Government initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers
- NIAP is a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under the Computer Security Act of 1987

The Partnership
- Combines the extensive security experience of both agencies to promote the development of technically sound security requirements for IT products and systems and appropriate metrics for evaluating those products and systems
- The long-term goal of NIAP is to help increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and assessment programs

Partnership Objectives
- Foster development of IT security requirements, test methods, tools, techniques, and assurance metrics
- Champion the development and use of national and international standards for IT security
- Promote the development and use of evaluated IT products and systems
- Facilitate the development and growth of a commercial IT security testing industry within the U.S.
- Support a framework for international recognition and acceptance of IT security evaluation results

Program Areas
- Security Requirements Definition and Specification
  - How do we tell product and systems developers what types of IT security we want?
- Product and System Security Testing, Evaluation, and Assessment
  - How do we know if developers produced what we asked for?
- Information Assurance Research
  - How can we improve the ways we achieve assurance in our products and systems?

Activities and Services
- Operate the Common Criteria Evaluation and Validation Scheme (CCEVS℠) for IT Security
- Issue Common Criteria certificates for IT products that have been successfully evaluated and validated
- Support the international Common Criteria Recognition Arrangement for IT security evaluations
- Maintain list of approved testing laboratories, validated products, and test methods
- Provide state-of-the-art automated tools and information sources for security requirements definition and testing

Activities and Services
- Promote government and industry forums for the development of IT security requirements and specifications
- Support information systems security testing, evaluation and assessment programs
- Provide a state-of-the-art, web-based repository of security requirements and testing information
- Sponsor IT security classes, conferences, and workshops for product developers, testing laboratories and consumers
- Collaborate with industry in the development of advanced tools, techniques, and methods for security testing

Current Projects
[Project list from slide: Common Criteria Evaluation and Validation Scheme System Certification and Accreditation Research Cryptographic Module Protection Profile Development Healthcare Security Forum Smart Card Security Project Common Criteria Toolbox™ Forum Automated Security Testing INFOSEC Assessment Program Threat and Vulnerability Research (ICAT-CVE)]

Part II: Common Criteria Project

International Security Standards
Driving Factors
- Common IT security requirements among nations
- System security challenges of the past decades
- International electronic commerce and e-business
- Global marketplace for high technology industries
- Continuing evolution and adaptation of national IT security standards resulting in a larger world view.

Objectives
- Develop a single international IT product and system security criteria, or common criteria
- Adopt the common criteria as an international IT security standard under ISO
- Promote international recognition of IT product security evaluations
- Create a level international playing field for product and system developers
- Facilitate greater world-wide availability of security-capable IT products

An Evolutionary Process
Two decades of research and development
[Timeline diagram: US-DOD TCSEC; US-NIST MSFR 1990; Federal Criteria 1992; Common Criteria; European National/Regional Initiatives; Europe ITSEC 1991; Canadian Initiatives; Canada TCPEC 1993; ISO Common Criteria 1999]

The International Standard ISO/IEC
- What the standard is
  - Common structure and language for expressing product/system IT security requirements (Part 1)
  - Catalog of standardized IT security requirement components and packages (Parts 2 and 3)
- How the standard is used
  - Develop protection profiles and security targets -- specific IT security requirements and specifications for products and systems
  - Evaluate products and systems against known and understood IT security requirements

Beneficiaries of the Standard
- Consumer Consortia (Users Groups)
  - Use ISO/IEC to build protection profiles expressing their needs
  - Work with developers to build matching IT products and systems
- Individual IT Consumers
  - Look for protection profiles matching their security requirements -- use in procurement specifications
- Product and System Developers
  - Use ISO/IEC to specify IT product and system security capabilities via security targets
- Product Evaluators and Certifiers
  - Use ISO-compliant protection profiles and security targets to measure IT product and system compliance

Defining Requirements
- ISO/IEC Standard: Access Control, Identification, Authentication, Audit, Cryptography
  - A flexible, robust catalogue of standardized IT security requirements (features and assurances)
- Protection Profiles: Operating Systems, Database Systems, Firewalls, Smart Cards, Applications, Biometrics, Routers, VPNs
  - Consumer-driven security requirements in specific information technology areas

Industry Responds
- Protection Profile: Firewall Security Requirements
  - Consumer statement of IT security requirements to industry in a specific information technology area
- Security Targets (Security Features and Assurances): CISCO Firewall, Lucent Firewall, Checkpoint Firewall, Network Assoc. Firewall
  - Vendor statements of security claims for their IT products

Demonstrating Conformance
Private sector, accredited security testing laboratories conduct evaluations
[Diagram: IT Products (Security Features and Assurances); Common Criteria Testing Labs; Test Reports]
- Vendors bring IT products to independent, impartial testing facilities for security evaluation
- Test results submitted to NIAP for post-evaluation validation

Validating Test Results
Validation Body validates laboratory's test results
[Diagram: Test Report; Common Criteria Validation Body; Validation Report; Common Criteria Certificate]
- Laboratory submits test report to Validation Body
- NIAP issues Validation Report and Common Criteria Certificate

Part III: Mutual Recognition

International Recognition of Test Results
Motivating Factors
- Improve availability and range of choice of trusted products for consumers
- Reduce total cost of IT security testing and evaluation to developers
- Encourage formal IT security testing and evaluation

MRA Objectives
- Ensure that evaluations of IT products and protection profiles are performed to high and consistent standards and are seen to contribute significantly to confidence in the security of those products and profiles
- Increase the availability of evaluated, security-enhanced IT products and protection profiles for national use
- Eliminate or reduce duplicate evaluations of IT products and protection profiles
- Improve the efficiency and cost-effectiveness of security evaluations and the certification/validation process for IT products and protection profiles

MRA History
- Interim Arrangement (October 1997): Canada, United Kingdom, United States
- Interim Arrangement (March 1998): Canada, France, Germany, United Kingdom, United States
- Full Arrangement (October 1998): Canada, France, Germany, United Kingdom, United States
- October 1999: Australia, New Zealand
- Harmonized Arrangement (May 2000): Australia, Canada, Finland, France, Germany, Greece, Italy, The Netherlands, New Zealand, Norway, Spain, United Kingdom, United States
- November 2000: Israel

MRA Organization
[Organization chart: Management Committee; Executive Subcommittee; Technical Working Groups]

Committee Responsibilities
- Develop and recommend procedures for the conduct of Arrangement Group business
- Assess the technical compliance of new Certification Bodies
- Recommend revisions to the Arrangement
- Manage continuous monitoring activities
- Manage the conduct of shadow certification activities for current participants and new applicants

Committee Responsibilities
- Resolve technical disagreements about the terms and application of the Arrangement
- Manage the promotion and development of IT security evaluation criteria and evaluation methods
- Manage the maintenance of historical databases for criteria and methodology interpretations and any resultant decisions that could affect future versions of either the criteria or methodology

Part IV: IT Systems and Networks

Extending Assurance to Systems
Building more secure systems requires:
- Well defined system-level IT security requirements and security specifications
- Well designed component IT products
- Sound systems security engineering practices
- Competent systems security engineers
- Appropriate metrics for product/system assessment
- Comprehensive system life cycle management

Common Criteria for IT Systems
- Protection profile construct appropriate for defining generalized, system-level IT security requirements
- Security target construct appropriate for characterizing security claims for specific instantiations of IT systems and networks

Role of Protection Profiles
[Diagram: Generalized, Consumer Driven Security Requirements; Technology Area Protection Profiles (Operating Systems, Database Systems, Firewalls, Applications); Operating System PP, DBMS PP, Firewall PP, Application PP; IT System Security Requirements; Enterprise Information Systems]

Role of Protection Profiles
[Diagram: Generalized, Consumer Driven Security Requirements; Technology Area Protection Profiles (Operating Systems, Database Systems, Firewalls, Applications); Enterprise Information Systems; Operating System PP, DBMS PP, Firewall PP, Application PP; Security Architectures; IT System Security Requirements; IT Products; Variety of Vendor Driven IT Products]

Uses of Common Criteria
Common Criteria artifacts and work products
- Protection profiles and security targets
- Product and system testing results
- Evaluation evidence
- Evaluation and validation reports
- Common Criteria certificates
can be re-used to support:
- IT system procurement and acquisition
- System certification and accreditation
- Other IT systems assessment activities
- Auditing and compliance requirements

A Comprehensive Approach
Linking Critical Assessment Activities
[Diagram: Laboratory Environment (Products; Product PPs; Accredited Testing Labs; NIAP CCEVS; CC Evaluations; Validated Products); Operational Environment (Generic Systems; System-level Protection Profile; Specific IT System; Technical Security; Configuration of Products; Real World Threats and Vulnerabilities; Risk Management; Security Policies; Standards; Guidelines; Personnel Security; Procedural Security; Certification; Accreditation; Accreditation Authority); Evidence (Security Target; Evaluation Report; Validation Report; Evaluation Work Packages)]

Part VI: Summary

Common Criteria Benefits
- Specification of security features and assurances based on an international standard
- Evaluation methodology based on an international standard, leading to comparability of test results
- Security testing laboratory expertise assessed by recognized national bodies; quality technical oversight provided by government experts
- Testing results recognized by many nations
- Reduced testing costs to sponsors of evaluations

The Future
- Development of technology-based protection profiles
- Continued research into the practical application of Common Criteria to systems and networks
- Expansion of Recognition Arrangement to include additional nations
- Revision and modification of the Common Criteria and associated evaluation methodology

Contact Information
National Information Assurance Partnership
100 Bureau Drive, Mailstop 8930
Gaithersburg, MD USA
- Director: Dr. Ron S. Ross, NIST-ITL, (301)
- Deputy Director: Terry Losonsky, NSA-V1, (301)
- Technical Advisor: R. Kris Britton, NSA-V1, (410)
World Wide Web:
More informationITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles
ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability Session 2: Conformity Assessment Principles 12-16 October 2015 Beijing, China Keith Mainwaring ITU Expert Agenda 1. Context
More informationJuniper Networks J2300, J2350, J4300, M7i and M10i Services Routers running JUNOS 8.5R3
122 ASSURANCE MAINTENANCE REPORT MR3 (supplementing Certification Report No. CRP237 and Assurance Maintenance Reports MR1 and MR2) Juniper Networks J2300, J2350, J4300, M7i and M10i Services Routers running
More informationSecurity System and COntrol 1
Security System and COntrol 1 Security Management By: Joseph Ronald Canedo It is a Risky World Vulnerabilities Security objectives: Prevent attacks Detect attacks Recover from attacks Attacks: against
More informationDiscontinuing the Metallic Handcuffs Compliance Testing Program and Request for
This document is scheduled to be published in the Federal Register on 09/14/2016 and available online at https://federalregister.gov/d/2016-22057, and on FDsys.gov Billing Code: 4410-18 DEPARTMENT OF JUSTICE
More informationNational Cybersecurity Center of Excellence (NCCoE) Mobile Application Single Sign
This document is scheduled to be published in the Federal Register on 11/29/2016 and available online at https://federalregister.gov/d/2016-28627, and on FDsys.gov Billing Code: 3510-13 DEPARTMENT OF COMMERCE
More informationInternational Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management. Frequently Asked Questions
November 2002 International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management Introduction Frequently Asked Questions The National Institute of Standards and Technology s
More informationBetter Regulatory Outcomes & the CASCO Toolbox
2011/SOM1/SCSC/CON1/013 Session 8 Better Regulatory Outcomes & the CASCO Toolbox Submitted by: Underwriters Laboratories 6 th Conference on Good Regulatory Practice Washington, D.C., United States 1-2
More informationThe IECEE CB Scheme facilitates Global trade of Information Technology products.
The IECEE CB Scheme facilitates Global trade of Information Technology products. WTO - Symposium on the 15th Anniversary of the Information Technology Agreement 14-15 May 2012 Pierre de RUVO Executive
More informationGuidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) Adopted on 4 December 2018 Adopted 1 Contents 1 Introduction... 3 2
More informationSynergies of the Common Criteria with Other Standards
Synergies of the Common Criteria with Other Standards Mark Gauvreau EWA-Canada 26 September 2007 Presenter: Mark Gauvreau (mgauvreau@ewa-canada.com) Overview Purpose Acknowledgements Security Standards
More informationCertification Report
Certification Report EAL 2+ Evaluation of Tactical Network-layer Gateway (2E2 IA): a GD Canada MESHnet G2 Gateway product Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationISO/IEC Accreditation: The Big Picture and Getting Started
ISO/IEC 17025 Accreditation: The Big Picture and Getting Started John Szpylka, Ph.D. Scientific Affaires Director, Chemistry N.A. AAFCO 2017 Midyear Meeting Takeaways Accreditation versus Certification
More informationRESOLUTION 47 (Rev. Buenos Aires, 2017)
Res. 47 425 RESOLUTION 47 (Rev. Buenos Aires, 2017) Enhancement of knowledge and effective application of ITU Recommendations in developing countries 1, including conformance and interoperability testing
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme NetScreen Technologies, Incorporated Report Number: CCEVS-VR-02-0027 Version 1.0 Dated: 30 November 2002 National
More informationWho is doing your calibration work?
The United Kingdom Accreditation Service Who is doing your calibration work? Are you confident that your goods and services and their component parts are based on measurements taken with correctly calibrated
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationGuide for Assessing the Security Controls in Federal Information Systems
NIST Special Publication 800-53A Guide for Assessing the Security Controls in Federal Information Systems Ron Ross Arnold Johnson Stu Katzke Patricia Toth George Rogers I N F O R M A T I O N S E C U R
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Ixia NTO 7303 and Vision ONE v4.5.0.29 30 October 2017 383-4-409 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be
More informationThe U.S. Government s Role in Standards and Conformity Assessment
The U.S. Government s Role in Standards and Conformity Assessment ASTM International-Russian Federation on Technical Regulating and Metrology Coordinated Program Mary Saunders Chief, Standards Services
More informationIdentity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition
Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition Sept. 8, 2008 Liberty Alliance 1 Welcome! Introduction of speakers Introduction of attendees Your organization
More informationCybersecurity Risk Management:
Cybersecurity Risk Management: Building a Culture of Responsibility G7 ICT and Industry Multistakeholder Conference September 25 2017 Adam Sedgewick asedgewick@doc.gov Cybersecurity in the Department of
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report U.S. Government Router Protection Profile for Medium Robustness Environments Report Number:
More informationDoDD DoDI
DoDD 8500.1 DoDI 8500.2 Tutorial Lecture for students pursuing NSTISSI 4011 INFOSEC Professional 1 Scope of DoDD 8500.1 Information Classes: Unclassified Sensitive information Classified All ISs to include:
More informationMinimum Scheme Requirements to Certify Criminal Justice Restraints Described
This document is scheduled to be published in the Federal Register on 07/13/2017 and available online at https://federalregister.gov/d/2017-14638, and on FDsys.gov Billing Code: 4410-18 DEPARTMENT OF JUSTICE
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT CA Privileged Access Manager Version 2.5.5 v1.2 8 August 2016 FOREWORD This certification report is an UNCLASSIFIED publication, issued under the authority of the Chief,
More informationAn introduction to the National Voluntary Laboratory Accreditation Program
An introduction to the National Voluntary Laboratory Accreditation Program Sally Bruce, Chief for the National Voluntary Laboratory Accreditation Program (NVLAP) NIST Headquarters Gaithersburg, MD The
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security
More informationWhere is the EU in cloud security certification?: Main findings
WE CAN DO SO MUCH TOGETHER Where is the EU in cloud security certification?: Main findings Certification schemes for cloud computing SMART 2016 / 0029 Leire Orue-Echevarria TECNALIA December 11 th, 2017
More informationACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES
ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES ACCREDITATION SCHEME MANUAL Document Title: Document Number: Various Accreditation Schemes ACCAB-ASM-7.0 CONTROLLED COPY Revision Number Revision
More informationSamsung Electronics Co., Ltd. Samsung Galaxy Note 5 & Galaxy Tab S2 VPN Client
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report Samsung Electronics Co., Ltd. 416 Maetan-3dong, Yeongtong-gu, Suwon-si, Gyeonggido, 443-742
More informationCertification Report
Certification Report EAL 2+ Evaluation of Service Router Operating System (SR OS) v7.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and
More informationThe IECEx Ticket to Global Markets
The IECEx Ticket to Global Markets Extract from the tutorial at PCIC Europe 2008 Rudolf Pommé KEMA Quality NL Karel Neleman BARTEC NL With special thanks to co-authors: Mario Colpa BACAB CH Frédérique
More informationProcedure for Network and Network-related devices
Lloyd s Register Type Approval System Type Approval Requirements for components within Cyber Enabled Systems on board Ships Procedure for Network and Network-related devices September 2017 1 Reference:
More informationU.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan
U.S. Japan Internet Economy Industry Forum Joint Statement 2013 October 2013 Keidanren The American Chamber of Commerce in Japan In June 2013, the Abe Administration with the support of industry leaders
More informationCertification Report
Certification Report Curtiss-Wright Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications
More informationSwedish Scheme Update Dag Ströman, Head of CSEC
Swedish Scheme Update Dag Ströman, Head of CSEC 1 CSEC - The Legal Base Swedish Parliament approval of the Government bill in May 2002, which stated: The Swedish Defence Materiel Administration, FMV, is
More informationProcess for the Evaluation and Acceptance of Building Products in the USA
Process for the Evaluation and Acceptance of Building Products in the USA Rick Okawa, P.E. Deputy Vice President of Global Services and Business Development An Integrated Building System Product Certification
More informationSeagate Supply Chain Standards and Operational Systems
DATA IS POTENTIAL Seagate Supply Chain Standards and Operational Systems Government Solutions Henry Newman May 9 2018 Supply Chain Standards and Results Agenda 1. 2. SUPPLY CHAIN REQUIREMENTS AND STANDARDS
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT WorkCentre 7525/7530/7535/7545/7556 with FIPS 140-2 Compliance over SNMPv3 25 July 2016 v1.0 383-4-371 Government of Canada. This document is the property of the Government
More informationNational Information Assurance Partnership
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Protection Profile for IPsec Virtual Private Network (VPN) Clients, Version 1.1 Report Number:
More information