Cisco Blogs


Cisco Blog > Government

Invitation to attend a discussion about IT product security and information assurance requirements for the Canadian government

The Common Criteria Users Forum is inviting representatives from Canadian government agencies to participate in a free round-table discussion about how the information assurance requirements of Canadian government agencies can be incorporated in international standards for IT security and the evaluation of IT products.

Specifically, we are hoping to engage individuals who have a working-level understanding of government IT security standards, procurement policies, or certification and accreditation, in a discussion about how Canadian government agencies can provide input into the development of Common Criteria Protection Profiles for IT products.

Note that we will not be discussing specific requirements, it is not a commercial or sales event, and there is no fee or obligation for attending.  While this event is intended for Canada, the CCUF is looking to expand to other geographies.

Common Criteria Users Forum

 

Date, time, and location:
The meeting is being held on Friday, 17 May 2013 from 10:30 AM to noon, at Oracle, 45
O’Connor St Ottawa, ON K1P 1A4.
Agenda:
10:30 to 10:45 — Welcome and introductions
10:45 to 11:00 — A brief introduction to the Common Criteria and the CCUF
11:00 to noon — Round-table discussion

Read More »

Tags: , , , , , ,

Cisco 7600 series Routers are Common Criteria Certified!

January 8, 2013 at 8:17 am PST

The Global Certification Team wants to wish each of you a very happy and prosperous new year.  To start this year right, we are proud to announce that the Cisco 7600 Series Routers have been Common Criteria Certified!  The evaluation includes the 7613, 7609-S, 7606-S, 7604 or 7603-S, with an RSP720 Management Card, and VPN IPSec SPA (ws-ipsec-3) running IOS 15.1(3)S3.

he Cisco 7600 Series is the industry’s first carrier-class edge router to offer integrated, high-density Ethernet switching, carrier-class IP/MPLS routing, and 10-Gbps interfaces, benefiting enterprises and helping enable service providers to deliver both consumer and business services over a single converged Carrier Ethernet network.  More information can be found on Cisco.com

Get up to the minute updates on Cisco product certifications from the official GCT twitter,@CiscoCertTeam!

Tags: , , , , ,

Progress Report from the Common Criteria Supply Chain Security Technical Working Group

On September 19 at Progress Report from the Supply Chain Security Technical Working Group (September 19 2012), a status report was presented from the Supply Chain Security Technical Work Group which was formed in March 2012 with the approval of the Common Criteria Development Board, in order to produce a Common Criteria Supporting Document that technical communities can use and adapt for their protection profiles.

The information and communications technology (ICT) supply chain has become increasingly complex, with logically long and geographically diverse routes, including multiple tiers of outsourcing.  This leads to a significant increase in the number of organizations and individuals who “touch” a product, and thus, increase the likelihood that a product’s integrity will be compromised.  Ensuring that ICT products from commercial software and hardware providers are free from vulnerabilities introduced via the product developer’s supply chain is an increasing concern which has manifested in proposed legislation and draft government regulations, as well as publicized attacks.

Exacerbating those concerns is the fact that awareness of supply chain risks and potential mitigations is not widely shared within the ICT industry, academia, government regulators, and product acquirers.

The product life cycle and its corresponding supply chain aspects extend from design to sourcing, manufacturing, distribution, delivery, installation, support, and end-of-life. Each stage presents potential threats of attack: the introduction of counterfeit products or components; elements of product taint, for example via malware or an integrity breach; disruptions to logistics and delivery; as well as tampered communications between the product developer and the customer or the customer and supplier.

The initial Supply Chain Security Supporting Document will describe several of these threats in more detail, specify additional threats, suggest assurance requirements, and recommend best practices for product manufacturers, evaluators, certifiers and end users.

As communities incorporate targeted material from the Supply Chain Supporting Document in protection profiles and vendors complete Common Criteria security evaluations against those protection profiles, customers will gain additional assurance of the product developer’s actions to secure their supply chain, and confidence in the manufactured product they are receiving; all under the globally accepted Common Criteria framework.

 

 

Tags: , , ,

GCT at the Common Criteria Development Board bi-annual Session

March 26, 2012 at 4:16 pm PST

Today I am happy to have a guest Post from Jennifer Gilbert.  Jennifer functions as the Global Certification Team (GCT) lead for Strategy and Policy.  She can be reached at jtgilber@cisco.com

During the course of March 20 to March 22nd, the Common Criteria Development Board (CCDB) held its bi-annual session in Tokyo, Japan.

A precedent setting Industry invitation resulted in the 1st Joint CCDB and Industry Workshop – representatives from Cisco, Microsoft, Intel, SafeNet, Ricoh, EWA, SiVenture, Corsec, Aerospace, and Epoche & Espri participated in this first ever Joint Workshop.  While several indepth discussions took place, a draft of the Terms of Reference (ToR) for Technical Communities was well received by the CCDB.  The ToR is currently out for review within the broader Common Criteria Forum (CCF) to assure those who were unable to participate from Industry in Tokyo are able to provide input and comment further.  Cisco anticipates that the CCDB will instantiate the Terms of Reference within the next 3 months.  For those who would like to follow more closely, you can apply to be a part of the CCF here.

The 1st Joint CCDB and Industry Workshop was rendered a success and encouraged for future ICCC events; the 2nd Joint CCDB and Industry Workshop will be held in September, one week in advance of the ICCC Paris.

Tags: , , , , , , , ,

The Cisco 5940 Embedded Services Router (ESR) awarded Common Criteria Certification

December 15, 2011 at 2:15 pm PST

The Global Certification Team is pleased to announce thati  the 5940 Embedded Services Router (ESR) has been awarded Common Criteria certification.  The 5940 ESR is certified at EAL2+ against the Traffic Filter Firewall in Basic Robustness Environments v1.1.  The Cisco 5940 ESR validated for IOS Version: 15.1(2)GC1.

More information on the validation effort can be found at: http://www.niap-ccevs.org/cc-scheme/st/vid10429/

Read More »

Tags: , , , , , , , , , , ,