Cisco Blogs



One Small Step…

More and more, we ask technology to play critical roles in our businesses and our lives. Pondering that for a moment, that dependence (versus use) requires careful thought about how much we trust that the technology is working as we want it, only as we want it, and nothing more. For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure that the services run correctly after they are installed. For many technology vendors, innovation and commitment can help here.

Our commitment at Cisco to trustworthiness, and our innovation for it, have never been stronger than they are today. Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K, we acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper. For reference, that 10-K, or 2012 Annual Report, is posted here: http://investor.cisco.com/

We foresaw the need for trustworthiness by listening to our customers, and we started early. Early results are in, and we’ve both reduced externally found security flaws and increased the resiliency of multiple products’ anti-tamper. Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.


Securing the Cloud with Common Criteria

Last week I attended the ICCC in Paris, where Ashit Vora, Manager, Security Assurance, Cisco, discussed the Cloud and how Common Criteria can be used to help mitigate threats. The following is an excerpt from his presentation and food for thought on Cloud security.

More and more enterprises, including governments, are moving their data “to the Cloud” in the hopes of saving infrastructure and maintenance costs. But is this at the risk of security? As both private and public Clouds become pervasive, security is going to be a major concern. Cloud infrastructure by definition has large amounts of information including proprietary information, competitive information, information of different classification levels, etc. In addition, the types of mechanisms available to access the information in the Cloud, such as B.Y.O.D. (Bring Your Own Device), are increasing day by day. If the proper security mechanisms are not in place and validated, it could prove to be damaging to all users of the Cloud.


Benefits of Common Criteria

Alicia Squires, Cisco Certifications Engineer and Common Criteria Users Forum (CCUF) Chair, discussed the benefits of Common Criteria yesterday at the International Common Criteria Conference (ICCC).

  • Single certification recognized by 26 nations
  • Improves availability of evaluated, security-enhanced IT products
  • Contributes to higher levels of citizen confidence in IT security
  • Improves the efficiency and cost-effectiveness of the evaluation and certification process
  • Allows vendors to focus their resources on a common set of requirements to improve the security of products overall
  • Increases the breadth of certified products and technologies available to IT administrators

For more information visit the Common Criteria Users Forum.

Alicia Squires, CCUF Chair

 


ICCC Press Conference – Update from Common Criteria Users Forum

In the CC Users Forum press conference, Alicia Squires, Common Criteria Users Forum (CCUF) Chair and Cisco Certifications Engineer, reviews the mission of the CCUF and the benefits of Common Criteria at the 13th Annual International Common Criteria Conference, held in Paris September 18-20, 2012.

The Common Criteria Users Forum mission is to provide a voice and communications channel amongst the CC community, including the vendors, consultants, testing laboratories, Common Criteria organizational committees, national schemes, policy makers, and other interested parties.


ICCC 2012: Raising Awareness of Common Criteria, Promoting Security for Emerging Technologies

In this age of emerging technologies and increasingly complex cyber threats, government and enterprise organizations of all types need to ensure that products they use meet key security criteria, are standards-based, perform as expected and interoperate reliably with existing technology.

As these organizations adopt new emerging technologies in hopes of saving on infrastructure and maintenance costs, is this at the risk of security? Without the proper security mechanisms in place and validated, the results could be catastrophic.

Common Criteria is an international standard for evaluating IT product security and reliability, recognized by more than 26 countries around the world. Common Criteria is considered a mandatory requirement for purchasing network security products by many governments.

The 13th International Common Criteria Conference, this year being held in Paris from September 18-20, will bring together leaders from governments and organizations of all types from around the world.

The ICCC Conference offers certification/validation schemes, evaluation laboratories, product developers, system integrators and product users the opportunity to exchange expertise, experiences and skills on the application of the Common Criteria and security for Information and Communication Technology [ICT] solutions, such as Cloud Computing.

Cisco will participate in speaking sessions at the conference focused on topics including Supply Chain Security, Architectural approaches to Technical Communities and Collaborative Protection Profiles, Cloud Security and Innovation.

Details on the speaking sessions presented by and in collaboration with Cisco are below:

Progress Report from the Supply Chain Security Technical Workgroup
Sept. 19 at 11:30 CET
Track 1 – Room B/Chagall + Van Dongen
Michael Grimm, senior program manager, Microsoft and Terrie Diaz, product certification engineer, Cisco

An Architectural Framework Approach in the Development of Technical Communities and Collaborative Protection Profiles
Sept. 19 at 11:30 CET
Track 2 – Room C/Soutine & Utrillo
Axel Munde, BSI
Dirk Jan Out, Brightsight
Jen Gilbert, lead, global certifications strategy and policy, Cisco

Cloud Security and Common Criteria
Sept. 19 at 14:30 CET
Track 3 – Room D/Picasso
Ashit Vora, manager, security assurance – FIPS/Common Criteria, Cisco

Innovation and the Common Criteria
Sept. 19 at 15:00 CET
Track 3 – Room D/Picasso
Audrey Plonk, Intel
Jen Gilbert, lead, global certifications strategy and policy, Cisco

Visit ICCC and Cisco Global Government Certifications for more information.
