Common Criteria Archives - Page 8 of 8 - Corsec Security, Inc.®

CC-Certification-Common-Criteria-Certification

Technical Communities: Creating Common Criteria Protection Profiles

4th February 202031st October 2013

Who is Defining the Criteria That Your Products Will Need to be Evaluated Against? I have been involved in the Common Criteria (CC) community since the first International Common Criteria Conference (ICCC) in 2000. While I spend a lot of my time down in the weeds of Common Criteria issues, it’s refreshing to look at the Common…

More from the ICCC: Update on CNSSP #11 and Common Criteria

4th February 20208th October 2013

In my last post, I brought everyone up to speed on some happenings from the recent ICCC Conference in Orlando, including the revised Common Criteria Recognition Arrangement (CCRA) and its implications. There was a great deal of other discussion on various topics of interest, including the subject of collaboration…

Updates from ICCC Include CCRA Revisions

27th August 20153rd October 2013

Some of us from Corsec recently attended the 14th International Common Criteria Conference (ICCC) in Orlando, Florida, and we came away feeling that the Common Criteria (CC) community is finally coming together in many positive ways. After several years of difficult transition into defining the new CC paradigm of collaborative Protection Profiles (cPPs) and international Technical Communities (iTCs),…

Updates from the Joint CCDB/CCUF Workshop

4th February 20201st October 2013

It’s always great to get together with others from our industry to discuss advances and collaborate on moving processes forward for Common Criteria. Last month, several of us had the opportunity to work with colleagues from around the world at two separate events in Orlando, Florida. A group of us spent the first two weeks of September in Orlando, as Corsec sent multiple…

Common Criteria Schemes: Tips for Making the Right Choice

4th September 201929th August 2013

So many decisions, so little time. You’ve heard—and likely experienced—this mantra. And if you read this blog regularly, you’ve probably picked up on the fact that security validations involve making a whole host of decisions. When pursuing Common Criteria certification, one often perplexing, yet critical decision I hear people lament…

CSfC and Your Product Evaluation

15th July 202222nd August 2013

We have recently seen an increase in the number of clients who are asking about CSfC and how to get on the CSfC Components List maintained by the National Security Agency (NSA) Information Assurance Directorate (IAD). CSfC is the acronym for the IAD’s Commercial Solutions for Classified program. It’s worth noting…

But the Rules are Changing!

21st July 201725th July 2013

According to the ancient Greek philosopher Heraclitus, “There is nothing permanent except change.” As anyone following security certifications lately can tell you, there is a lot of truth in this statement. We have entered another …

Why You Need Common Criteria Certification and How to Get There

4th September 201920th June 2013

In the IT security industry, research and development teams continually race to introduce new products, while at the same time, project teams improve upon existing offerings—all scrambling to ensure that the latest versions meet security functional and assurance requirements. The goal is to bring the strongest and most secure…

Webinar Recap: Should You Revalidate or Recertify?

27th August 20156th June 2013

If you have been through the certification or validation process for your security product, I don’t need to tell you that it’s a substantial investment in time, resources and cost. Or that it’s worth that investment when you consider the benefits you’ll realize from your ability to sell into the lucrative government market. We discussed…

Budgeting for Certifications: Avoid Cost Creep

10th January 201830th May 2013

Budgeting for a Common Criteria Certification can be difficult, but it’s not impossible. Understanding how to create your certification budget, and taking the necessary steps to follow through with that budget, can reduce your costs and simplify the certification process. We are frequently asked, “How much does certification cost…

Starting a Validation—Don’t Make All of Your Decisions up Front

14th January 20169th April 2013

A security validation is a substantial process—getting it started can be daunting. But you don’t need to decide everything up front—in fact, you shouldn’t. There are definitely some important considerations to work through, but there are some decisions you should put off until you are well into the process.

Is There Value in Maintaining Your Security Validation?

27th August 201526th March 2013

Once you have spent the time and money to pursue a security validation, you’re all done, right? Well, not exactly. However, the good news is that it isn’t hard or expensive to maintain your validation.

For most security validations, the validation applies to a specific version of hardware and software. At the beginning of your evaluation you must choose which versions of your product you are taking through the validation process.

Selecting a Certification Consulting Company: Why the Right Choice Matters

14th January 201614th March 2013

Your customers are asking for your product to go through a security validation. You have begun evaluating your options, have started to develop a strategy, and have decided that this is not a task you can handle on your own. Your first step will be to talk to an expert consultant.

But how do you choose one?

CC Certification: Important Factors

25th May 20168th November 2012

Congratulations! You’ve decided to pursue Common Criteria certification for your information technology security product. Now what? The single most important factor that will influence whether your product is certified on schedule is not the product itself; it’s how you manage the certification process. So before you embark…

Maximize Your Certification ROI – New Corsec Webinar

27th August 201516th May 2012

Your certification or validation was a significant investment of both time and money for your company. While a certification or validation can be a substantial revenue generator for your company, it will only be so if it keeps up with any changes added to your product. Over time your product will undoubtedly be enhanced, whether by new features or by bug fixes. Given the care and effort you have invested in your product development strategy, it is critical to also have a product revalidation strategy in order to maintain a validation or certification on your currently available products.