The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;

Slides:

Advertisements

Similar presentations

Module 1 Evaluation Overview © Crown Copyright (2000)

Advertisements

University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.

Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.

Effective Design of Trusted Information Systems Luděk Novák,

IT Security Evaluation By Sandeep Joshi

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

An Overview of Common Criteria Protection Profiles María M. Larrondo Petrie, PhD March 26, 2004.

October 3, Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

1 Lecture 8 Security Evaluation. 2 Contents u Introduction u The Orange Book u TNI-The Trusted Network Interpretation u Information Technology Security.

Security Controls – What Works

COEN 351: E-Commerce Security Public Key Infrastructure Assessment and Accreditation.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Stephen S. Yau CSE , Fall Evaluating Systems for Functionality and Assurance.

Environmental Management Systems Refresher

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.

Dr. Ron Ross Computer Security Division

Fraud Prevention and Risk Management

Complying With The Federal Information Security Act (FISMA)

NVLAP Overview and Accreditation Process March 2006.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Gurpreet Dhillon Virginia Commonwealth University

Information Security Framework & Standards

SEC835 Database and Web application security Information Security Architecture.

Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.

1 Anthony Apted/ James Arnold 26 September 2007 Has the Common Criteria Delivered?

A Security Business Case for the Common Criteria Marty Ferris Ferris & Associates, Inc

IS 2620: Developing Secure Systems Assurance and Evaluation Lecture 8 March 15, 2012.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Information Security Standards Promoting Trust, Transparency, and Due Diligence E-Gov Washington Workshop.

1 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Federal Government Perspectives on Secure Information Sharing Technology Leadership Series August 14,

Applied Technology Services, Inc. Your Partner in Technology Applied Technology Services, Inc. Your Partner in Technology.

NIST Special Publication Revision 1

Overview of existing assessment schemes Rolf Bienert, John Lin.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

UNCLASSIFIED DITSCAP Primer. UNCLASSIFIED 1/18/01DITSCAP Primer.PPT 2 DITSCAP* Authority ASD/C3I Memo, 19 Aug 92 –Develop Standardized C&A Process DODI.

Background. History TCSEC Issues non-standard inflexible not scalable.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Integrated Enterprise-wide Risk Management Protecting Critical Information Assets and Records FIRM Forum.

National Institute of Standards and Technology 1 The Federal Information Security Management Act Reinforcing the Requirements for Security Awareness Training.

1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.

Security Standards and Threat Evaluation. Main Topic of Discussion  Methodologies  Standards  Frameworks  Measuring threats –Threat evaluation –Certification.

10/20/ The ISMS Compliance in 2009 GRC-ISMS Module for ISO Certification.

Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Managing Risk in New Computing Paradigms Applying FISMA Standards and Guidelines to Cloud Computing Workshop.

1 © Material United States Department of the Interior Federal Information Security Management Act (FISMA) April 2008 Larry Ruffin & Joe Seger.

Page 1 ©1999 InfoGard Laboratories, Inc Centre for Applied Cryptographic Research workshop, Nov. 8, 1999 Third party evaluations of CA cryptographic implementations.

CMSC : Common Criteria for Computer/IT Systems

Federal Information Security Management Act (FISMA) By K. Brenner OCIO Internship Summer 2013.

TM8104 IT Security EvaluationAutumn CC – Common Criteria (for IT Security Evaluation) The CC permits comparability between the results of independent.

1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.

Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view.

NIST Computer Security Framework and Grids Original Slides by Irwin Gaines (FNAL) 20-Apr-2006 Freely Adapted by Bob Cowles (SLAC/OSG) for JSPG 13-Mar-2007.

SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University

Information Security Office: Function, Alignment in the Organization, Goals, and Objectives Presentation to Sacramento PMO March 2011 Kevin Dickey.

CSCE 727 Awareness and Training Secure System Development and Monitoring.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

ISO17799 / BS ISO / BS Introduction Information security has always been a major challenge to most organizations. Computer infections.

Computer Security Division Information Technology Laboratory

Ch.18 Evaluating Systems - Part 2 -

Partnerships for VoIP Security VoIP Protection Profiles

Special Publication Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Dr. Ron Ross Computer Security.

Group Meeting Ming Hong Tsai Date :

IT SECURITY EVALUATION ACCORDING TO HARMONIZED AND APPROVED CRITERIA

Presentation transcript:

The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive; Stop 8930 Gaithersburg, MD (301) fax: (301)

Presentation Contents The Common Criteria (CC) –What is it –How is it used The significance of the Linux CC evaluation The role and importance of product CC evaluations in achieving system assurance

The International Common Criteria Standard ( ISO/IEC 15408) What the standard is – Common structure and language for expressing product/system IT security requirements (Part 1) Catalog of standardized IT security requirement components and packages (Parts 2 and 3) How the standard is used – Develop protection profiles and security targets -- specific IT security requirements and specifications for products and systems EvaluateEvaluate products and systems against known and understood IT security requirements

An Evolutionary Process Two decades of research and development… US-DOD TCSEC US-NIST MSFR 1990 Federal Criteria 1992 Europe ITSEC 1991 Canada TCPEC 1993 Common Criteria ISO Common Criteria 1999 European National/Regional Initiatives Canadian Initiatives

IT Security Requirements The Common Criteria defines two types of IT security requirements-- Functional Requirements - for defining security behavior of the IT product or system: implemented requirements become security functions Assurance Requirements - for establishing confidence in security functions: correctness of implementation effectiveness in satisfying security objectives Examples: Identification & Authentication Audit User Data Protection Cryptographic Support Examples: Development Configuration Management Life Cycle Support Testing Vulnerability Analysis

Evaluation Assurance Levels Common Criteria defines seven hierarchical assurance levels-- EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 Functionally Tested Structurally Tested Methodically Tested & Checked Methodically Designed, Tested & Reviewed Semiformally Designed & Tested Semiformally Verified Design & Tested Formally Verified Design & Tested EAL Designation

Protection Profiles (generic) & Security Targets (specific) Protection Profile contents Introduction TOE Description Security Environment Assumptions Threats Organizational security policies Security Objectives Security Requirements Functional requirements Assurance requirements Rationale Security Target contents Introduction TOE Description Security Environment Assumptions Threats Organizational security policies Security Objectives Security Requirements Functional requirements Assurance requirements TOE Summary Specification PP Claims Rationale

Profiles and Targets (Some Examples) Profiles and Targets (Some Examples) Protection Profiles (Product Independent)  Operating Systems (C2, CS2, RBAC)  Firewalls (Packet Filter and Application)  Smart cards (Stored value and other) Security Targets (Product Specific)  Oracle Database Management System  Lucent, Cisco, Checkpoint Firewalls

Defining Requirements ISO/IEC Standard A flexible, robust catalogue of standardized IT security requirements (features and assurances) Protection Profiles Consumer-driven security requirements in specific information technology areas Operating Systems Database Systems Firewalls Smart Cards Applications Biometrics Routers VPNs Access Control Identification Authentication Audit Cryptography

Industry Responds Protection Profile Consumer statement of IT security requirements to industry in a specific information technology area Security Targets Vendor statements of security claims for their IT products CISCO Firewall Lucent Firewall Checkpoint Firewall Network Assoc. Firewall Security Features and Assurances Firewall Security Requirements

Demonstrating Conformance IT Products Vendors bring IT products, with their security targets, to independent, impartial testing facilities for security evaluation Security Features and Assurances Private sector, accredited security testing laboratories conduct evaluations Common Criteria Testing Labs Test results submitted to NIAP for post-evaluation validation Test Reports

Validating Test Results Laboratory submits test report to Validation Body Test Report Validation Body validates laboratory’s test results Common Criteria Validation Body NIAP issues Validation Report and Common Criteria Certificate Validation Report National Information Assurance Partnership Common Criteria Certificate TM

Significance of the Linux Evaluation CC was not designed for open source products. –Open source not “in vogue” 10 years ago. CC assumes a “normal” development process Open source does not follow a “normal” development process Linux was first attempt at evaluating an open source product Linux functionality and development process imposed some limitations on achievable evaluation results Demonstrated that an open source product can undergo a successful, traditional CC evaluation –but requires additional developmental activity (as one would expect due to the way open source products are developed).

Assurance in Information Systems (IS) Building more secure systems requires: Well defined system-level security requirements and security specifications Well designed component products Sound systems security engineering practices Competent systems security engineers Appropriate metrics for product/system testing, evaluation, and assessment Comprehensive system security planning and life cycle management

Supporting Tools and Programs Building more secure systems is enhanced by: Standardized Security Requirements and Specifications –U.S. Common Criteria protection profile development project –Private sector protection profile contributions  BITS functional packages  Smart Card Security Users Group (SCSUG)  Process Control Security Requirements Forum (PCSRF) IT Component-level Product Testing and Evaluation Programs – Common Criteria Evaluation and Validation Schemes (CCRA) – Cryptographic Module Validation Program (U.S. NIST/Canada CSE) Security Implementation Guidance –Security Technical Implementation Guides –Security Reference Guides System Certification and Accreditation

Supporting Tools and Programs Operational Environment Accreditation Authority Standards Guidelines Certification Accreditation Real World Threats and Vulnerabilities Risk Management Security Policies System Security Plan Personnel Security Procedural Security Physical Security Technical Security Specific IT System Products Generic Systems System-level Protection Profiles Laboratory Environment CMVP CCEVS Accredited Testing Laboratories Products Profiles Validated Products Evidence Security Targets Evaluation Reports Validation Reports FIPS Testing Cryptographic Modules CC Evaluations General IT Products Protection Profiles Implementation Guidance

Certification and Accreditation: The Big Picture Information Security Program FEDERAL INFORMATION AND INFORMATION SYSTEM SP SP A Verification of Security Control Effectiveness (Certification) Measures the effectiveness of the security controls associated with information systems through security testing and evaluation Defines categories of information and information systems according to levels of risk for confidentiality, integrity, and availability; maps information types to security categories Categorization of Information and Information System FIPS 199 SP Documents the security requirements and security controls planned or in place for the protection of information and information systems Security Planning SP Analyzes the threats to and vulnerabilities of information systems and the potential impact or magnitude of harm that the loss of confidentiality, integrity, or availability would have on an agency’s operations and assets Risk Assessment SP Security Authorization (Accreditation) The authorization of information systems to process, store, or transmit information, granted by a senior agency official, based on the effectiveness of security controls and residual risk SP Security Control Selection and Implementation Management, operational, and technical controls (i.e., safeguards and countermeasures) planned or in place to protect information and information systems FIPS 200 (Final) SP (Interim)