Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International.

Slides:

Advertisements

Similar presentations

West London Alliance London Councils Delivering Apprenticeship Opportunities in the Supply Chain 21 st June

Advertisements

National Information Assurance Partnership Paul Mansfield January 2013

Roadmap for Sourcing Decision Review Board (DRB)

BS 8903 Your route to full competence. About BS 8903 BS 8903 is the first standard in the world to define and describe best practice in sustainable procurement.

Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit Software and Services, Cloud European Commission (Directorate.

Page 2 Agenda Page 3 History –Blue Print, 2000 –GIS Process 1.2, 2001 (training only) –GIS Process 2.0, (ITIL based - not implemented) –Supply/Demand.

Latest developments Merih Malmqvist Nilsson, ILAC Vice Chair

Revision of AS 4708 and AS  AFSL announces the 5-yearly revision process of the Australian Standards for Sustainable Forest Management (AS 4708)

International Federation of Accountants International Education Standards for Professional Accountants Mark Allison, Executive Director Institute of Chartered.

The COUNTER Code of Practice for Books and Reference Works Peter Shepherd Project Director COUNTER UKSG E-Books Seminar, 9 November 2005.

Delivery Business Solutions April 29, Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.

Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International.

Common Criteria National Information Assurance Partnership Evaluation of Mobile Technology Janine Pedersen 1.

EVALUATION AND QUALITY ASSURANCE STRATEGY PRESENTED BY DR SHYAM PATIAR.

Text and data mining for non-commercial research: the UK’s planned exception to copyright UK Government 22 April 2013, Brussels.

National Workshop Gap Analysis on Implementation of MRA on Tourism Professionals and Feasibility Study for the Establishment of a Regional Secretariat.

Documenting Network Design

ISO 9001:2015 Revision overview - General users

1 Next Generation ISO Susan LK Briggs Presented to EFCOG/DOE EMS Implementation, Lessons Learned & Best Practices Training Workshop, 3/05.

International Aerospace Quality Group The Initiatives of the International Aerospace Quality Group (IAQG) Steve Shepherd ~ European Sector Leader.

May Agenda  PeopleSoft History at Emory  Program Governance  Why Upgrade Now?  Program Guiding Principles  High-Level Roadmap  What Does This.

DG Environment Green Public Procurement in UK Green public procurement (GPP) - Lead the change National Conference Barbara Morton 08 April 2010 Vilnius,

Respond, Deliver & Enable Membership development report Annual Members’ Meeting 17 September 2008 Margaret Green Deputy Chairman Council of Governors Pauline.

Atlanta Public Schools Project Management Framework Proposed to the Atlanta Board of Education to Complete AdvancED/SACS “Required Actions” January 24,

Do it pro bono. Competitor/Collaborator Analysis Service Grant The Strategy Management Practice is presented by Wells Fargo. The design of the Competitor/Collaborator.

London Membership MeetingWashington Membership Meeting24 October 2007 The Coalition since London, October 2007 Semi-annual Membership Meeting Washington.

Watertown Public Schools School Committee June 24, 2013 Jean M. Fitzgerald, Ed.D. Superintendent Report on Goals.

Audatex Technical Committee. Mission Statement To provide a transparent, objective examination of matters of a technical nature relating to Audatex solutions.

Experiences with registrations - 5 years on the road On the REACH Road 23 November 2011 Kevin Pollard ECHA – Dossier Submission and Dissemination.

Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.

© 2011 Mobile VCE The Virtual Centre of Excellence ::industry led:: ::research, innovation & application::

ANSI Conference on U.S. Leadership in ISO and IEC Presented by Dr. Carmiña Londoño Group Leader, Global Standards and Information Group, National.

Getting Involved in the Research Data Alliance Stefanie Kethers

1 Omissions and errors in the CC Who got it right? 8ICCC Denise Cater.

NIEM Domain Awareness June 2011 Establishing a Domain within NIEM.

1 18 March 2010AGNA meeting EASAC update Yves Morier.

International Aerospace Quality Group The Initiatives of the International Aerospace Quality Group (IAQG) Steve Shepherd ~ European Sector Leader.

Commissioning Self Analysis and Planning Exercise activity sheets.

20 October 2015 © The Marketing Practice 2008 Win-based marketing Tools that marketing could deliver in support of major bids.

Item 5d Texas RE 2011 Budget Assumptions April 19, Texas RE Preliminary Budget Assumptions Board of Directors and Advisory Committee April 19,

Forum on Greening Mobile Devices: Building Eco-Rating Schemes Daniela Torres Global Head of Green ICT & Environment, Telefónica S.A Associate Rapporteur.

20th AIAA Advanced Measurement and Ground Testing Technology Conference Lessons Learned in AIAA Working Group Development E. Allen Arrington Dynacs/NASA.

Bangalore, India,17-18 December 2012 Day 1 – Highlights & Way Forward Kiritkumar P. LATHIA, C.Eng., Fellow IET Consultant, CTiF, Aalborg University, DK.

Devon & Cornwall Police Authority Strategic Review November 2010.

Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit DG Connect, Software and Services, Cloud 05 December 2012.

International Aerospace Quality Group The Initiatives of the International Aerospace Quality Group (IAQG) Steve Shepherd ~ European Sector Leader.

1 Not So Strange Bedfellows: Information Standards For Librarians AND Publishers November 6, 2015.

GISFI_Scope of Standardization ITU Workshop on Standards and IPR Issues, New Delhi 1 IPR Issues: A GISFI Perspective ITU Workshop on Standards and IPR.

Digital Ecosystems Re-tuning the user requirements after 3 years Digital Ecosystems Re-tuning the user requirements after 3 years Towards Business Cases.

Standardisation in India Arun Golas DDG (T&A) TEC, DoT, India Joint ITU-GISFI Workshop on “Bridging the Standardization Gap: Workshop on.

CONFERENCE IMPLEMENTATION OF MARKETS IN FINANCIAL INSTRUMENTS DIRECTIVE -MiFID- Split, June 2007 OPENING SPEECH Ante Samodol President of the Board.

Security WG: Report of the Fall 2003 Meeting October 28, 2003 Howard Weiss, NASA/JPL/SPARTA.

The new ISO / CEN standard on sustainable and traceable cocoa ICCO Workshop on Certification Douala, June 25th 2013 Jack Steijn Chair of CEN TC 415.

Major Project Governance Assessment Toolkit Mark Ritchie, University of Edinburgh Pauline Woods-Wilson, Lancaster University Project and Change Management.

Mobile Broadband B3G for Professionals By Alan Dearlove Radtel Services and Steffen Ring Director, M.Sc.E.E. Chairman Project MESA Steering Committee.

9 th International Common Criteria Conference Report to IEEE P2600 WG Brian Smithson Ricoh Americas Corporation 10/24/2008.

EIAScreening6(Gajaseni, 2007)1 II. Scoping. EIAScreening6(Gajaseni, 2007)2 Scoping Definition: is a process of interaction between the interested public,

Work Plan Work Plan Management (Document 21)

Data access and sharing policies Ecosystem Approach Community of Practice (EA-CoP) Data access and sharing policies Towards the finalization of the document.

Cyber Risk Presentation to the Board of Directors

44th Meeting of the Standing Committee Bonn, Germany, October 2015 Report on activities of the Strategic Plan Working Group Ines Verleye,

APPA – Term 3 Breakfast Session

Mopria Alliance and the Printer Working Group

9th International Common Criteria Conference Report to IEEE P2600 WG

Title of presentation Verdana 32

ETSI Standardization Activities on Smart Grids

DSC Contract Management Committee Meeting

Building the Single Market for Green Products (SMGP)

Technical Guidelines for the Development of International Standards for Small Hydropower Plants DONG Guofeng ICSHP 7 November, 2018.

Presentation transcript:

Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International Assurance, Common Criteria Scheme Director, CESG, UK, Joint ITU-GISFI Workshop on “Bridging the Standardization Gap: Workshop on Sustainable Rural Communications” (Bangalore, India, December 2012)

David Martin Involved in Information Assurance Standards for many years Chair of International Common Criteria Development Board Scheme Director for the UK Common Criteria Scheme (operated by UK government) Representing UK Scheme - reporting on new CC vision statement Bangalore, India,17-18 December

3 Common Criteria - Background Standards for Assurance of IT Product Security 26 Nations (more to come) 16 Nations evaluate/certify products Also an ISO standard (15408 and 18045) Run by a Management Committee (with an executive to support) and a Development Board

Bangalore, India,17-18 December Common Criteria – The Value Manufacturers do not have to evaluate products in multiple places. Evaluation is very expensive in time and money Good cyber defence (and sustainable telecom) needs many more products evaluated All nations agree and procure to the common standard Industry involvement (CCUF)

Bangalore, India,17-18 December Common Criteria – New Vision – Rationale -1 CC usage has been little changed for more than 12 years A number of nations found that:- The focus on ‘assurance level (EAL)’ was damaging product security Not enough products are evaluated - Cyber defence needs many more Expertise is applied in the wrong place, inconsistently, and without wide peer review.

Bangalore, India,17-18 December Common Criteria – New Vision – Rationale -2 Smartcard Community has developed a very effective way of using CC Work has taken place to support a similar approach for general IT products Resulting in the CCMC (management Committee) vision statement – published in September 2012

Bangalore, India,17-18 December For more information Common Criteria Portal: The vision statement links from the front page Other links show the products, schemes, operating documents etc. Also see CCUF at

Existing Approach Bangalore, India,17-18 December

New Approach Bangalore, India,17-18 December

Technical Communities Bangalore, India,17-18 December

Much quicker and more effective Bangalore, India,17-18 December Time

Meeting virtually Bangalore, India,17-18 December

Bespoke design/evaluation Bangalore, India,17-18 December

Better to have known standards Bangalore, India,17-18 December

Other Important developments Common view on cryptography Security Configuration Automation Strong Linkage to Vulnerability/Weakness reporting Supply Chain working group Consistent Government Procurement (and other major users) – addressing what ‘recognition’ really means Bangalore, India,17-18 December

Common support for procurement Bangalore, India,17-18 December

Procurement Links Provide developers with larger market Lower cost and better products Recognise there may be additional national needs These are likely to be <5% of market Major requirement is common and delivered by evaluation anywhere Bangalore, India,17-18 December

Bangalore, India,17-18 December Common Criteria – New Vision – Summary More assurance than a simple ‘EAL approach’ Uses worldwide expertise, instead of relying on single ‘expert’ Open, Transparent, Repeatable – as befitting an International Standard Step change in volume – better for cyberdefence Lowers procurement costs

Bangalore, India,17-18 December Further detail First International Technical Community about to launch – based on USB storage device Many more to follow next year Already many TCs exist (mostly US based)

Example TC Areas Networking (NDPP, Firewalls, VPNs, etc) Storage (USB, Hard disks, etc) Applications on Operating systems Mobile telecoms (VOIP, SIP, MDM, etc) Multifunction devices (printers etc.) Bangalore, India,17-18 December

Process to form an iTC Not yet fully defined but likely to be:- Work with national bodies to formulate an ESR (Essential Security Requirements) Obtain commitment Start iTC – using CCUF etc. Publish cPP (and supporting documents) Continual update Bangalore, India,17-18 December

Outline Process & Detail Notes (1) Request iTC formation Initiate iTC Solicit iTC members CCDB CCUF CCMC CCDB Work Group Create ESR Draft ToRs Agree initial iTC Chair & hold initial meeting Establish levels of commitment & Committed Nations portal iTC entry Define Workplan Define ToRs Elect Chair Define infrastructure

Outline Process & Detail Notes (2) Levels of commitment: Intention to Adopt – Mandated Intention to Adopt – Recommended Uncommitted Opposed Only those with an Intention to Adopt can vote on ESR contents. Intention to Adopt is refreshed every 6 months (by CCDB) as part of monitoring progress. Levels may change, but reducing commitment requires a rationale.

Bangalore, India,17-18 December GISFI Applicability 3GPP discussion – potential development of cPPs Could extend to system approaches Key is to have the real technical expertise setting the standards CCRA maintains the fairness, the reliability/reputation, and the worldwide recognition for vendors 3GPP sets the technical standards

Conclusions and Recommendations This time of change for CCRA is a good time to get involved! Look at Join CCUF (no cost) Great opportunity for 3GPP to use CCRA for its needs (become an international Technical Community) Liaison request from GISFI Bangalore, India,17-18 December