It’s no secret that federal agencies are increasingly adopting or at least “dipping a toe” into the cloud computing pool. Private and public cloud environments offer agencies the opportunity to reduce costs, increase agility, and improve flexibility to meet their mission-critical objectives. However, concerns over the security and control of data are two major reasons many agencies aren’t moving to the cloud. In fact, a new Cisco-sponsored survey found that security topped federal IT leaders’ wish list when it comes to evaluating cloud service providers, with 69 percent rating it as a critical characteristic.
Cisco is a longtime leader in not only following, but embracing the government certification and accreditation processes. Common Criteria, FISMA (Federal Information Security Management Act) and FedRAMP (Federal Risk and Authorization Management Program) are all critical evaluation programs that facilitate the implementation of new technologies. That’s not to say government regulations aren’t complex. In fact, Cisco has a team dedicated to managing global government certifications. But without these standards in place, our continued advancement of military and civilian operations would cease to exist at the federal level. Read More »
Tags: cloud, Common Criteria, compliance, FedRAMP, FISMA, govtech
At the 14th International Common Criteria Conference (ICCC) held in Orlando this week, it was announced that India has become a Common Criteria Certificate issuing nation. We congratulate India on this significant achievement and look forward to working closely with the Indian Common Criteria Scheme. For more information on the announcement, see the article “India Earns Authorizing Nation Status for IT Product Testing”.
Tags: certification, Common Criteria, ICCC, india
In order for government and enterprise organizations to keep their data secure from increasingly advanced cyber threats, security solutions and protocols are critical. However, these organizations must ensure that their chosen security solutions meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.
The challenges above are why Common Criteria was created. Common Criteria is an international standard for IT product security and reliability. In fact, many governments will not use security products that don’t meet Common Criteria standards.
This year, the International Common Criteria Conference is being held in Orlando, Florida from September 10-12. The conference is a place for Certification Bodies, Evaluation Laboratories, Researchers, Evaluators, Product Makers and Buyers and Sellers to come together and exchange ideas in order to improve Common Criteria.
Cisco will lead multiple sessions covering topics like Cryptography, Network Device Protection Profiles, Improving Common Criteria and Marketing Common Criteria.
Details on the speaking sessions presented by and in collaboration with Cisco are below:
- Keynote Speaker: CCUF Perspective
September 11 from 9-9:30AM ET
Alicia Squires, Cisco, CCUF Chair
September 11 from 9:30-11AM ET
Moderator: Mark Loepker, NIAP, CCES Chair
Panelists: Joshua Brickman, Oracle; Jen Gilbert, Cisco; Matt Keller, Corsec; Eric Winterton, Booz Allen Hamilton.
- Entropy Sources – Industry Realities and Evaluation Challenges
September 11 from 10-10:30AM ET
Alicia Squires: CISSP, Product Certification Engineer, Cisco Chair, CCUF Management Group
- Cryptography and Common Criteria
September 11 from 11:30-12PM ET
Ashit Vora, Manager, Common Criteria Certification, Cisco and Chris Brych, Manager, Security Certifications, SafeNet, Inc.
- Lessons and Recommendations from Evaluating Against NDPP in Three Different Schemes
September 11 from 5-5:30PM ET
Terrie Diaz, Product Certification Engineer, Cisco and Ashit Vora, Manager, Common Criteria Certification, Cisco
- Widening the Use of CC for End Users Worldwide
September 12 from 9:30-11AM ET
Moderator: Michele Mullen, Director, ATA, CSEC
Adam Golodner, Director, Global Security & Technology Policy, Cisco; Steve Lipner, Microsoft; Blackberry (INVITED); Ericsson (INVITED)
Tags: Common Criteria, common criteria conference, cryptography, data, government, network device protection, security
The Common Criteria Users Forum is inviting representatives from Canadian government agencies to participate in a free round-table discussion about how the information assurance requirements of Canadian government agencies can be incorporated in international standards for IT security and the evaluation of IT products.
Specifically, we are hoping to engage individuals who have a working-level understanding of government IT security standards, procurement policies, or certification and accreditation, in a discussion about how Canadian government agencies can provide input into the development of Common Criteria Protection Profiles for IT products.
Note that we will not be discussing specific requirements, it is not a commercial or sales event, and there is no fee or obligation for attending. While this event is intended for Canada, the CCUF is looking to expand to other geographies.
Date, time, and location:
The meeting is being held on Friday, 17 May 2013 from 10:30 AM to noon, at Oracle, 45
O’Connor St Ottawa, ON K1P 1A4.
10:30 to 10:45 — Welcome and introductions
10:45 to 11:00 — A brief introduction to the Common Criteria and the CCUF
11:00 to noon — Round-table discussion
Read More »
Tags: CC, CCRA, CCUF, CEM, Common Criteria, Common Criteria Portal, Protection Profiles
Today more than ever, networks are transforming the way organizations operate and are touching more people through a wider range of devices than ever before. Achieving a secure infrastructure is increasingly complex with today’s mobility, collaboration and cloud services added to the mix. These new capabilities offer much operational efficiency and reduce costs, but they also introduce additional risk to the network. Read More »
Tags: certifications, Common Criteria, cybersecurity, Gene Keeling