8ICCC Update for IEEE P2600 Brian Smithson Ricoh Americas Corporation

Presentation transcript:

8ICCC Update for IEEE P2600
Brian Smithson
Ricoh Americas Corporation
Cupertino, California, US
brian.smithson@ricoh-usa.com

Agenda
- General information
- Potential interest to P2600
- Plugs for P2600

Most of the presentations are now available: http://www.8iccc.com

Potential interest to P2600
- “Update on the US scheme”
- “Composite evaluation” (different from Composition)
- “Optional security requirements and functions”
- “CC3.1 release 2”

Plugs for P2600
- “How vendor involvement can improve CC”
- “P2600, breaking new ground…”

“Update on the US scheme”

2007
- Program resources severely constrained
- Validation Oversight Reviews instead of continuous oversight
- Only accepted Medium or High Robustness PP-compliant products
- Initiated fee-for-service (legislation approved, fees posted for comment)

2008
- Continue to maintain program with constrained resources
- Focus on PP-compliant and EAL4 evaluations
- Research / implement methods for increasing efficiency, consistency, value

Common Criteria Testing Labs
- 8 accredited labs
- 3 candidate labs (BKP, BT, DIAL)

Products (Aug 07)
- 149 products “in evaluation”
- 210 product certificates issued to date

Protection Profiles (PPs)
- 42 Validated PPs
- 24 U.S. Government PPs being converted to CC V3.1
- 8 of the U.S. Government PPs are being sunsetted

http://www.8iccc.com/media/doc/Update%20on%20US%20Scheme_Dale%20Audrey.ppt

“Composite evaluation” (different from Composition)
- Presented by T-Systems, uses refinement of EAL SARs

http://www.8iccc.com/media/doc/Composite%20Evaluation%20for%20Smart%20Card%20and%20similar%20devices_Furgel%20Igor.pdf

“Optional security requirements and functions”
- Presented by SAIC
- Proposes a way to handle options at time of purchase, installation, or use
  - Presence or absence of components (e.g. Solaris Trusted Extensions)
  - Enabled or disabled functions (e.g. network services or licensed features)
  - Supporting components in the operational environment (e.g. platform, LDAP or DBMS services, client browsers)
- Focuses on STs, but similar concepts could apply to PPs
- Acknowledges that there can be combinatorial issues

http://www.8iccc.com/media/doc/Common%20Criteria%20Optional%20Security%20requirements%20and%20functions_Arnold%20Jr%20James%20L.%20.ppt

“CC3.1 release 2”
- Changes are coming from:
  - CCRA comments: 98 patches
    - Mostly editorial
  - JTC/1 SC27 WG3: 121 patches
    - Mostly editorial
- User data vs TSF data definitions: update User data and TSF data definition, to remove the source as discriminating criteria
- Some management recommendations changed
- One significant relevant change:
  - FPT_AMT.1 (abstract machine testing) deleted, no longer dependency of FPT_TST.1
  - FPT_TEE.1 (testing of external entities) added, should be considered for P2600 in addition/replacement to FPT_TST.1
- Will be published with and without change marks
- It will be ISO/IEC 15408-n:2006 (or 2007?)
- Not sure when drafts will be officially published

http://www.8iccc.com/media/doc/CC%20v3.1%20release%202,%20what%20has%20changed_Banon.pdf

Plugs for P2600
- “How vendor involvement can improve CC”
  - Wesley Higaki of Symantec cited “smart card and copier vendors” as driving PP development for their industries
- “IEEE P2600, breaking new ground…”
  - Was generally well received