Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;

Published byGavin Dennis Modified over 8 years ago

Similar presentations

Presentation on theme: "The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;"— Presentation transcript:

1 The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive; Stop 8930 Gaithersburg, MD 20899 (301) 975-4768 skatzke@nist.gov fax: (301) 975-4964

2 Presentation Contents The Common Criteria (CC) –What is it –How is it used The significance of the Linux CC evaluation The role and importance of product CC evaluations in achieving system assurance

3 The International Common Criteria Standard ( ISO/IEC 15408) What the standard is – Common structure and language for expressing product/system IT security requirements (Part 1) Catalog of standardized IT security requirement components and packages (Parts 2 and 3) How the standard is used – Develop protection profiles and security targets -- specific IT security requirements and specifications for products and systems EvaluateEvaluate products and systems against known and understood IT security requirements

4 An Evolutionary Process Two decades of research and development… US-DOD TCSEC 1983-85 US-NIST MSFR 1990 Federal Criteria 1992 Europe ITSEC 1991 Canada TCPEC 1993 Common Criteria 1993-98 ISO 15408 Common Criteria 1999 European National/Regional Initiatives 1989-93 Canadian Initiatives 1989-93

5 IT Security Requirements The Common Criteria defines two types of IT security requirements-- Functional Requirements - for defining security behavior of the IT product or system: implemented requirements become security functions Assurance Requirements - for establishing confidence in security functions: correctness of implementation effectiveness in satisfying security objectives Examples: Identification & Authentication Audit User Data Protection Cryptographic Support Examples: Development Configuration Management Life Cycle Support Testing Vulnerability Analysis

6 Evaluation Assurance Levels Common Criteria defines seven hierarchical assurance levels-- EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 Functionally Tested Structurally Tested Methodically Tested & Checked Methodically Designed, Tested & Reviewed Semiformally Designed & Tested Semiformally Verified Design & Tested Formally Verified Design & Tested EAL Designation

7 Protection Profiles (generic) & Security Targets (specific) Protection Profile contents Introduction TOE Description Security Environment Assumptions Threats Organizational security policies Security Objectives Security Requirements Functional requirements Assurance requirements Rationale Security Target contents Introduction TOE Description Security Environment Assumptions Threats Organizational security policies Security Objectives Security Requirements Functional requirements Assurance requirements TOE Summary Specification PP Claims Rationale

8 Profiles and Targets (Some Examples) Profiles and Targets (Some Examples) Protection Profiles (Product Independent)  Operating Systems (C2, CS2, RBAC)  Firewalls (Packet Filter and Application)  Smart cards (Stored value and other) Security Targets (Product Specific)  Oracle Database Management System  Lucent, Cisco, Checkpoint Firewalls

9 Defining Requirements ISO/IEC Standard 15408 A flexible, robust catalogue of standardized IT security requirements (features and assurances) Protection Profiles Consumer-driven security requirements in specific information technology areas Operating Systems Database Systems Firewalls Smart Cards Applications Biometrics Routers VPNs Access Control Identification Authentication Audit Cryptography

10 Industry Responds Protection Profile Consumer statement of IT security requirements to industry in a specific information technology area Security Targets Vendor statements of security claims for their IT products CISCO Firewall Lucent Firewall Checkpoint Firewall Network Assoc. Firewall Security Features and Assurances Firewall Security Requirements

11 Demonstrating Conformance IT Products Vendors bring IT products, with their security targets, to independent, impartial testing facilities for security evaluation Security Features and Assurances Private sector, accredited security testing laboratories conduct evaluations Common Criteria Testing Labs Test results submitted to NIAP for post-evaluation validation Test Reports

12 Validating Test Results Laboratory submits test report to Validation Body Test Report Validation Body validates laboratory’s test results Common Criteria Validation Body NIAP issues Validation Report and Common Criteria Certificate Validation Report National Information Assurance Partnership Common Criteria Certificate TM

13 Significance of the Linux Evaluation CC was not designed for open source products. –Open source not “in vogue” 10 years ago. CC assumes a “normal” development process Open source does not follow a “normal” development process Linux was first attempt at evaluating an open source product Linux functionality and development process imposed some limitations on achievable evaluation results Demonstrated that an open source product can undergo a successful, traditional CC evaluation –but requires additional developmental activity (as one would expect due to the way open source products are developed).

14 Assurance in Information Systems (IS) Building more secure systems requires: Well defined system-level security requirements and security specifications Well designed component products Sound systems security engineering practices Competent systems security engineers Appropriate metrics for product/system testing, evaluation, and assessment Comprehensive system security planning and life cycle management

15 Supporting Tools and Programs Building more secure systems is enhanced by: Standardized Security Requirements and Specifications –U.S. Common Criteria protection profile development project –Private sector protection profile contributions  BITS functional packages  Smart Card Security Users Group (SCSUG)  Process Control Security Requirements Forum (PCSRF) IT Component-level Product Testing and Evaluation Programs – Common Criteria Evaluation and Validation Schemes (CCRA) – Cryptographic Module Validation Program (U.S. NIST/Canada CSE) Security Implementation Guidance –Security Technical Implementation Guides –Security Reference Guides System Certification and Accreditation

16 Supporting Tools and Programs Operational Environment Accreditation Authority Standards Guidelines Certification Accreditation Real World Threats and Vulnerabilities Risk Management Security Policies System Security Plan Personnel Security Procedural Security Physical Security Technical Security Specific IT System Products Generic Systems System-level Protection Profiles Laboratory Environment CMVP CCEVS Accredited Testing Laboratories Products Profiles Validated Products Evidence Security Targets Evaluation Reports Validation Reports FIPS 140-2 Testing Cryptographic Modules CC Evaluations General IT Products Protection Profiles Implementation Guidance

17 Certification and Accreditation: The Big Picture Information Security Program FEDERAL INFORMATION AND INFORMATION SYSTEM SP 800-37 SP 800-53A Verification of Security Control Effectiveness (Certification) Measures the effectiveness of the security controls associated with information systems through security testing and evaluation Defines categories of information and information systems according to levels of risk for confidentiality, integrity, and availability; maps information types to security categories Categorization of Information and Information System FIPS 199 SP 800-60 Documents the security requirements and security controls planned or in place for the protection of information and information systems Security Planning SP 800-18 Analyzes the threats to and vulnerabilities of information systems and the potential impact or magnitude of harm that the loss of confidentiality, integrity, or availability would have on an agency’s operations and assets Risk Assessment SP 800-30 Security Authorization (Accreditation) The authorization of information systems to process, store, or transmit information, granted by a senior agency official, based on the effectiveness of security controls and residual risk SP 800-37 Security Control Selection and Implementation Management, operational, and technical controls (i.e., safeguards and countermeasures) planned or in place to protect information and information systems FIPS 200 (Final) SP 800-53 (Interim)

Download ppt "The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;"

Similar presentations

Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.

University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.
Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.

Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.

Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
IT Security Evaluation By Sandeep Joshi

IT Security Evaluation By Sandeep Joshi
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
An Overview of Common Criteria Protection Profiles María M. Larrondo Petrie, PhD March 26, 2004.

An Overview of Common Criteria Protection Profiles María M. Larrondo Petrie, PhD March 26, 2004.
October 3, 20031 Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.

October 3, Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
1 Lecture 8 Security Evaluation. 2 Contents u Introduction u The Orange Book u TNI-The Trusted Network Interpretation u Information Technology Security.

1 Lecture 8 Security Evaluation. 2 Contents u Introduction u The Orange Book u TNI-The Trusted Network Interpretation u Information Technology Security.
Security Controls – What Works

Security Controls – What Works
COEN 351: E-Commerce Security Public Key Infrastructure Assessment and Accreditation.

COEN 351: E-Commerce Security Public Key Infrastructure Assessment and Accreditation.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Stephen S. Yau CSE 465-591, Fall 2006 1 Evaluating Systems for Functionality and Assurance.

Stephen S. Yau CSE , Fall Evaluating Systems for Functionality and Assurance.
Environmental Management Systems Refresher

Environmental Management Systems Refresher
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

Similar presentations

Ads by Google