Invitation to attend a discussion about IT product security and information assurance requirements for the Canadian government
The Common Criteria Users Forum is inviting representatives from Canadian government agencies to participate in a free round-table discussion about how the information assurance requirements of Canadian government agencies can be incorporated in international standards for IT security and the evaluation of IT products.
Specifically, we are hoping to engage individuals who have a working-level understanding of government IT security standards, procurement policies, or certification and accreditation, in a discussion about how Canadian government agencies can provide input into the development of Common Criteria Protection Profiles for IT products.
Note that we will not be discussing specific requirements, it is not a commercial or sales event, and there is no fee or obligation for attending. While this event is intended for Canada, the CCUF is looking to expand to other geographies.
Date, time, and location:
The meeting is being held on Friday, 17 May 2013 from 10:30 AM to noon, at Oracle, 45
O’Connor St Ottawa, ON K1P 1A4.
10:30 to 10:45 — Welcome and introductions
10:45 to 11:00 — A brief introduction to the Common Criteria and the CCUF
11:00 to noon — Round-table discussion
If you or your colleagues are interested in attending, please RSVP no later than Friday,
3 May by sending an email to firstname.lastname@example.org with the name, title, and agency
of each attendee.
If you are interested but cannot attend in person, please request teleconference
information and we will try to make it available.
About the Common Criteria
The Common Criteria for Information Technology Security Evaluation (CC) and the
Common Methodology for Information Technology Security Evaluation (CEM) are the
technical basis for an international agreement, the Common Criteria Recognition
Arrangement (CCRA), which ensures that:
•Products can be evaluated by competent and independent licensed laboratories to determine the fulfillment of particular security properties, to a certain extent of assurance.
• Following the successful evaluation of a product, a certificate is issued from one of the participating nations.
• These certificates are recognized by all the signatories of the CCRA.
The CC and CEM are recognized as international standards ISO/IEC 15408 and ISO/IEC 18045.
An important element of the CC is the development of Protection Profiles for many kinds of IT products. Protection Profiles serve as the baseline standard for security functions and evaluation activities for those products. Recently, new Protection Profiles have
been developed for firewalls and other network devices, full disk encryption storage devices, operating systems, and smartcards. Many other Protection Profiles are currently being developed and updated.
For additional information about the CC, visit the Common Criteria Portal.
About the Common Criteria Users Forum
The Common Criteria Users Forum (CCUF) is a volunteer-driven group with 350 members from more than twenty nations. Its mission is to provide a voice and communications channel amongst the Common Criteria (CC) community including vendors, consultants, licensed testing laboratories, national certification bodies, policy makers, customers, and other interested parties.
The CCUF has established a collaboration web site for its members to discuss issues, form working groups, and host technical communities for developing Protection Profiles. The CCUF has held workshops on CC-related topics in Tokyo and Paris, and is holding
workshops in Ottawa during the week of 13 May. One of the topics of the Ottawa workshop is how to best engage government agency representatives who are crafting their IT security procurement requirement, and that is the impetus for arranging a special session for Canadian government representatives.