Common Criteria Recognition Arrangement. 8th ICCC, Rome, 25th September 2007. Report by the MC Chairman, Gen. Luigi Palagiano
Introduction: The diffusion of IT systems and networks empowers the international and national exchange of information. But, at the same time … the growing connectivity among secure and insecure networks creates new opportunities for unauthorized intrusions into sensitive networks and computer systems.
Terrorists, drug traffickers and criminal organisations will take advantage of the new high-speed information technologies to support their illegal activities.
System & Network complexity: The complexity of systems and computer networks is growing faster than the ability to understand and protect them by identifying critical nodes, verifying security, and monitoring activity and intrusion attempts.
Systems / Networks Threats: 1. Capture data related to industrial, military or national security; 2. Destroy or control information systems that serve critical infrastructures (for example: airports); 3. Information alteration.
Definition of IT Security: Security can be defined as: "Getting rid of any unacceptable risk". The risks relate to the following categories of losses: confidentiality of information; integrity of data and system-related assets; availability of data and service.
Confidentiality: Assurance that information is shared only among authorized persons or organisations. Breaches of confidentiality can occur when data is not handled in a manner adequate to safeguard the confidentiality of the information concerned.
Integrity: Assurance that the information is authentic and complete. Ensuring that information can be relied upon to be sufficiently accurate for its purpose. Assuring information will not be accidentally or maliciously altered or destroyed.
Availability: Ensuring that information and service are available to authorized users, when needed.
History of Common Criteria: TCSEC (USA); Canada, first initiative; NIST - MSFR 1990; Federal Criteria 1992; Common Criteria Project, 1993; Common Criteria ver. 1.0, 1996; Common Criteria ver. 2.0, 1998; ISO /06/1999; CTCPEC; National and Regional European Initiatives, 1989 – 1993; ISO Initiatives 1992; ITSEC 1992
History of Common Criteria: th June 1999 CC is approved as International Standard ISO
Nations taking part in the Common Criteria Recognition Arrangement: Australia, Canada, Germany, Greece, Finland, France, Israel, Italy, Netherlands, New Zealand, Norway, Spain, U.S.A., United Kingdom
Common Criteria participant nations (chart; axes: Year, Participant nations; group sizes shown: (14), (2), (1)): Australia, Canada, Finland, France, Germany, Greece, Israel, Italy, Netherlands, New Zealand, Norway, Great Britain, Spain, U.S.A.; Austria, Sweden; Hungary, Turkey; Czech Republic, Japan; India, Singapore; Korea, Denmark; Malaysia
Variations during the year 2007: New entrant: Malaysia. Status change: Sweden, Singapore. Interested in adhesion to CCRA: Tunisia, Belgium.
How are countries divided? Certificate Authorizing Participants: Australia - New Zealand, Canada, France, Germany, Japan, Korea, Netherlands, Norway, Spain, Sweden (*), UK, USA. Certificate Consuming Participants: Austria, Czech Republic, Denmark, Finland, Greece, Hungary, Israel, Italy, India, Malaysia, Singapore, Turkey. (*) shadow certification in progress