The Grand Goal: One Evaluation Per Planet

1 The Grand Goal: One Evaluation Per Planet
Roger Allan French Compaq Computer Corporation 10 MAY 2001

2 Agenda
Definition of the Grand Goal
Brief History of IT Security Evaluations
Needed Parts for the Goal
Shortfalls and Prospects
To Sign or Not To Sign the MRA?
Questions, and maybe Some Answers

3 The Grand Goal Defined
Evaluations are Expensive
    Too Much Money
    Too Many Resources
    Too Much Time
200 Countries = 200 Evaluations = 200 Versions
1 Evaluation / Planet
    Evaluate Once, Use Everywhere
    Less Money, Resources, and Time
    More Understanding and Assurance

4 A Very Brief History of IT Security Evaluations
National Books
    The Orange Book
    The Green Book
    The Blue and White Book
    The CTCPEC
First International Criteria
    ITSEC (and ITSEM)
The Federal Criteria
    US and Canada (but no more)
The Common Criteria

5 The Common Criteria
CCEB (Editorial Board)
Parts: Overview, Functions, and Assurance
Scheme: CC → PP → Evaluation → ST → Product
User Developed Protection Profiles
ISO/IEC/JTC1/SC27/WG3 Competition
CCIB and then CCIMB
ISO 15408

6 A Protection Profile
User Requirement: e-Commerce, e-government, industry, user
For example: Czech Army Protection Profile
Statement of Combined Needs
Agreement
Procurement Conformance
Standard/Spec Conformance

7 Parts of the Grand Goal
A Common Lexicon
A Common Criteria
A Common Evaluation Methodology
A Common Repository
Mutual Recognition

8 Existing Parts of the Grand Goal
A Common Lexicon: The CC uses dictionaries, ISO glossary, other security references, and its own
A Common Criteria: ISO 15408
A Common Evaluation Methodology: CCIMB/CEM (in process)
A Common Repository: AFNOR/PPR and ISO/PPRP
Mutual Recognition: MRA (13 countries so far)

9 Shortfalls and Prospects
Complex Criteria / 900-page document
No Method to Update/Fix
No Common Evaluation Methodology
Extensive Assurance
National Differences
Military Prospective
Accreditation vs. Evaluation
and more ...

10 To Sign or Not To Sign the MRA?
The Mutual Recognition Arrangement: 13 Countries, expect more
Customer Countries
If a Country Signs, Recognize/Recognized
If You Don’t Sign, ….. Recognize Anyway
Before You Sign, ….. History of Evaluation

11 My Conclusions
The Common Criteria is the only ‘common’ criteria you will see in the next 10 years.
It’s not ‘common’ enough.
The Shortfalls Need to be Fixed.
Fixing the Shortfalls is Worth the Effort.
The Grand Goal is almost possible.

12 The International Common Criteria Conference
ICCC – MAY 2000
    600 Participants out of 1,000+
    7-page Summary Report Available: In English, In Polish
2nd ICCC – JULY 2001, Brighton, U.K.

13 Questions / Answers
I don’t know.
I think so.
I’ll get back to you.
Yes, definitely.
Probably not.
No!
I don’t understand the question.
That’s a good question, next question.

14 Roger Allan French
roger.french@compaq.com
(phone) 01 603 884-4348
(fax)
Compaq Computer, ZKO3-2/T55, 110 Spit Brook Road, Nashua, NH, U.S.A.
