8ICCC Update for IEEE P2600 Brian Smithson Ricoh Americas Corporation


1 8ICCC Update for IEEE P2600 Brian Smithson Ricoh Americas Corporation
Cupertino, California, US

2 Agenda
- General information
  - Most of the presentations are now available
- Potential interest to P2600
  - “Update on the US scheme”
  - “Composite evaluation” (different from Composition)
  - “Optional security requirements and functions”
  - “CC3.1 release 2”
- Plugs for P2600
  - “How vendor involvement can improve CC”
  - “P2600, breaking new ground…”

3 “Update on the US scheme”
- 2007
  - Program resources severely constrained
  - Validation Oversight Reviews instead of continuous oversight
  - Only accepted Medium or High Robustness PP-compliant products
  - Initiated fee-for-service (legislation approved, fees posted for comment)
- 2008
  - Continue to maintain program with constrained resources
  - Focus on PP-compliant and EAL4 evaluations
  - Research / implement methods for increasing efficiency, consistency, value
- Common Criteria Testing Labs
  - 8 accredited labs
  - 3 candidate labs (BKP, BT, DIAL)
- Products (Aug 07)
  - 149 products “in evaluation”
  - 210 product certificates issued to date
- Protection Profiles (PPs)
  - 42 Validated PPs
  - 24 U.S. Government PPs being converted to CC V3.1
  - 8 of the U.S. Government PPs are being sunsetted

4 “Composite evaluation” (different from Composition)
Presented by T-Systems, uses refinement of EAL SARs

5 “Optional security requirements and functions”
- Presented by SAIC
- Proposes a way to handle options at time of purchase, installation, or use
  - Presence or absence of components (e.g. Solaris Trusted Extensions)
  - Enabled or disabled functions (e.g. network services or licensed features)
  - Supporting components in the operational environment (e.g. platform, LDAP or DBMS services, client browsers)
- Focuses on STs, but similar concepts could apply to PPs
- Acknowledges that there can be combinatorial issues

6 “CC3.1 release 2”
- Changes are coming from:
  - CCRA comments: 98 patches
  - JTC/1 SC27 WG3: 121 patches
- Mostly editorial
  - User data vs TSF data definitions: update User data and TSF data definition, to remove the source as discriminating criteria
  - Some management recommendations changed
- One significant relevant change:
  - FPT_AMT.1 (abstract machine testing) deleted, no longer dependency of FPT_TST.1
  - FPT_TEE.1 (testing of external entities) added, should be considered for P2600 in addition/replacement to FPT_TST.1
- Will be published with and without change marks
- It will be ISO/IEC n:2006 (or 2007?)
- Not sure when drafts will be officially published

7 Plugs for P2600
- “How vendor involvement can improve CC”
  - Wesley Higaki of Symantec cited “smart card and copier vendors” as driving PP development for their industries
- “IEEE P2600, breaking new ground…”
  - Was generally well received

