Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International.

Published byMilo Johnson Modified over 9 years ago

Similar presentations

Presentation on theme: "Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International."— Presentation transcript:

1 Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International Assurance, Common Criteria Scheme Director, CESG, UK, david.martin@cesg.gsi.gov.uk Joint ITU-GISFI Workshop on “Bridging the Standardization Gap: Workshop on Sustainable Rural Communications” (Bangalore, India, 17-18 December 2012)

2 David Martin Involved in Information Assurance Standards for many years Chair of International Common Criteria Development Board Scheme Director for the UK Common Criteria Scheme (operated by UK government) Representing UK Scheme - reporting on new CC vision statement Bangalore, India,17-18 December 2012 2

3 3 Common Criteria - Background Standards for Assurance of IT Product Security 26 Nations (more to come) 16 Nations evaluate/certify products Also an ISO standard (15408 and 18045) Run by a Management Committee (with an executive to support) and a Development Board

4 Bangalore, India,17-18 December 2012 4 Common Criteria – The Value Manufacturers do not have to evaluate products in multiple places. Evaluation is very expensive in time and money Good cyber defence (and sustainable telecom) needs many more products evaluated All nations agree and procure to the common standard Industry involvement (CCUF)

5 Bangalore, India,17-18 December 2012 5 Common Criteria – New Vision – Rationale -1 CC usage has been little changed for more than 12 years A number of nations found that:- The focus on ‘assurance level (EAL)’ was damaging product security Not enough products are evaluated - Cyber defence needs many more Expertise is applied in the wrong place, inconsistently, and without wide peer review.

6 Bangalore, India,17-18 December 2012 6 Common Criteria – New Vision – Rationale -2 Smartcard Community has developed a very effective way of using CC Work has taken place to support a similar approach for general IT products Resulting in the CCMC (management Committee) vision statement – published in September 2012

7 Bangalore, India,17-18 December 2012 7 For more information Common Criteria Portal: www.commoncriteriaportal.org www.commoncriteriaportal.org The vision statement links from the front page Other links show the products, schemes, operating documents etc. Also see CCUF at www.ccusersforum.org www.ccusersforum.org

8 Existing Approach Bangalore, India,17-18 December 2012 8

9 New Approach Bangalore, India,17-18 December 2012 9

10 Technical Communities Bangalore, India,17-18 December 201210

11 Much quicker and more effective Bangalore, India,17-18 December 2012 11 Time

12 Meeting virtually Bangalore, India,17-18 December 201212

13 Bespoke design/evaluation Bangalore, India,17-18 December 2012 13

14 Better to have known standards Bangalore, India,17-18 December 2012 14

15 Other Important developments Common view on cryptography Security Configuration Automation Strong Linkage to Vulnerability/Weakness reporting Supply Chain working group Consistent Government Procurement (and other major users) – addressing what ‘recognition’ really means Bangalore, India,17-18 December 201215

16 Common support for procurement Bangalore, India,17-18 December 201216

17 Procurement Links Provide developers with larger market Lower cost and better products Recognise there may be additional national needs These are likely to be <5% of market Major requirement is common and delivered by evaluation anywhere Bangalore, India,17-18 December 201217

18 Bangalore, India,17-18 December 2012 18 Common Criteria – New Vision – Summary More assurance than a simple ‘EAL approach’ Uses worldwide expertise, instead of relying on single ‘expert’ Open, Transparent, Repeatable – as befitting an International Standard Step change in volume – better for cyberdefence Lowers procurement costs

19 Bangalore, India,17-18 December 2012 19 Further detail First International Technical Community about to launch – based on USB storage device Many more to follow next year Already many TCs exist (mostly US based)

20 Example TC Areas Networking (NDPP, Firewalls, VPNs, etc) Storage (USB, Hard disks, etc) Applications on Operating systems Mobile telecoms (VOIP, SIP, MDM, etc) Multifunction devices (printers etc.) Bangalore, India,17-18 December 2012 20

21 Process to form an iTC Not yet fully defined but likely to be:- Work with national bodies to formulate an ESR (Essential Security Requirements) Obtain commitment Start iTC – using CCUF etc. Publish cPP (and supporting documents) Continual update Bangalore, India,17-18 December 201221

22 Outline Process & Detail Notes (1) Request iTC formation Initiate iTC Solicit iTC members CCDB CCUF CCMC CCDB Work Group Create ESR Draft ToRs Agree initial iTC Chair & hold initial meeting Establish levels of commitment & Committed Nations portal iTC entry Define Workplan Define ToRs Elect Chair Define infrastructure

23 Outline Process & Detail Notes (2) Levels of commitment: Intention to Adopt – Mandated Intention to Adopt – Recommended Uncommitted Opposed Only those with an Intention to Adopt can vote on ESR contents. Intention to Adopt is refreshed every 6 months (by CCDB) as part of monitoring progress. Levels may change, but reducing commitment requires a rationale.

24 Bangalore, India,17-18 December 2012 24 GISFI Applicability 3GPP discussion – potential development of cPPs Could extend to system approaches Key is to have the real technical expertise setting the standards CCRA maintains the fairness, the reliability/reputation, and the worldwide recognition for vendors 3GPP sets the technical standards

25 Conclusions and Recommendations This time of change for CCRA is a good time to get involved! Look at www.commoncriteriaportal.org www.commoncriteriaportal.org Join CCUF (no cost) www.ccusersforum.org www.ccusersforum.org Great opportunity for 3GPP to use CCRA for its needs (become an international Technical Community) Liaison request from GISFI Bangalore, India,17-18 December 2012 25

Download ppt "Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International."

Similar presentations

West London Alliance London Councils Delivering Apprenticeship Opportunities in the Supply Chain 21 st June 2012 1.

West London Alliance London Councils Delivering Apprenticeship Opportunities in the Supply Chain 21 st June
National Information Assurance Partnership Paul Mansfield January 2013

National Information Assurance Partnership Paul Mansfield January 2013
Roadmap for Sourcing Decision Review Board (DRB)

Roadmap for Sourcing Decision Review Board (DRB)
BS 8903 Your route to full competence. About BS 8903 BS 8903 is the first standard in the world to define and describe best practice in sustainable procurement.

BS 8903 Your route to full competence. About BS 8903 BS 8903 is the first standard in the world to define and describe best practice in sustainable procurement.
Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit Software and Services, Cloud European Commission (Directorate.

Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit Software and Services, Cloud European Commission (Directorate.
Page 2 Agenda Page 3 History –Blue Print, 2000 –GIS Process 1.2, 2001 (training only) –GIS Process 2.0, 2003-4 (ITIL based - not implemented) –Supply/Demand.

Page 2 Agenda Page 3 History –Blue Print, 2000 –GIS Process 1.2, 2001 (training only) –GIS Process 2.0, (ITIL based - not implemented) –Supply/Demand.
Latest developments Merih Malmqvist Nilsson, ILAC Vice Chair

Latest developments Merih Malmqvist Nilsson, ILAC Vice Chair
Revision of AS 4708 and AS 4707.  AFSL announces the 5-yearly revision process of the Australian Standards for Sustainable Forest Management (AS 4708)

Revision of AS 4708 and AS  AFSL announces the 5-yearly revision process of the Australian Standards for Sustainable Forest Management (AS 4708)
International Federation of Accountants International Education Standards for Professional Accountants Mark Allison, Executive Director Institute of Chartered.

International Federation of Accountants International Education Standards for Professional Accountants Mark Allison, Executive Director Institute of Chartered.
The COUNTER Code of Practice for Books and Reference Works Peter Shepherd Project Director COUNTER UKSG E-Books Seminar, 9 November 2005.

The COUNTER Code of Practice for Books and Reference Works Peter Shepherd Project Director COUNTER UKSG E-Books Seminar, 9 November 2005.
Delivery Business Solutions April 29, 20131 Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.

Delivery Business Solutions April 29, Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.
Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International.

Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International.
Common Criteria National Information Assurance Partnership Evaluation of Mobile Technology Janine Pedersen 1.

Common Criteria National Information Assurance Partnership Evaluation of Mobile Technology Janine Pedersen 1.
EVALUATION AND QUALITY ASSURANCE STRATEGY PRESENTED BY DR SHYAM PATIAR.

EVALUATION AND QUALITY ASSURANCE STRATEGY PRESENTED BY DR SHYAM PATIAR.
Text and data mining for non-commercial research: the UK’s planned exception to copyright UK Government 22 April 2013, Brussels.

Text and data mining for non-commercial research: the UK’s planned exception to copyright UK Government 22 April 2013, Brussels.
National Workshop Gap Analysis on Implementation of MRA on Tourism Professionals and Feasibility Study for the Establishment of a Regional Secretariat.

National Workshop Gap Analysis on Implementation of MRA on Tourism Professionals and Feasibility Study for the Establishment of a Regional Secretariat.
Documenting Network Design

Documenting Network Design
ISO 9001:2015 Revision overview - General users

ISO 9001:2015 Revision overview - General users
1 Next Generation ISO 14001 Susan LK Briggs Presented to EFCOG/DOE EMS Implementation, Lessons Learned & Best Practices Training Workshop, 3/05.

1 Next Generation ISO Susan LK Briggs Presented to EFCOG/DOE EMS Implementation, Lessons Learned & Best Practices Training Workshop, 3/05.
International Aerospace Quality Group The Initiatives of the International Aerospace Quality Group (IAQG) Steve Shepherd ~ European Sector Leader.

International Aerospace Quality Group The Initiatives of the International Aerospace Quality Group (IAQG) Steve Shepherd ~ European Sector Leader.

Similar presentations

Ads by Google