Cisco Blogs

Cisco Blog > Government

Cloud Success Requires Embracing Federal Compliance

It’s no secret that federal agencies are increasingly adopting or at least “dipping a toe” into the cloud computing pool. Private and public cloud environments offer agencies the opportunity to reduce costs, increase agility, and improve flexibility to meet their mission-critical objectives. However, concerns over the security and control of data are two major reasons many agencies aren’t moving to the cloud. In fact, a new Cisco-sponsored survey found that security topped federal IT leaders’ wish list when it comes to evaluating cloud service providers, with 69 percent rating it as a critical characteristic.

Cisco is a longtime leader in not only following, but embracing the government certification and accreditation processes. Common Criteria, FISMA (Federal Information Security Management Act) and FedRAMP (Federal Risk and Authorization Management Program) are all critical evaluation programs that facilitate the implementation of new technologies. That’s not to say government regulations aren’t complex. In fact, Cisco has a team dedicated to managing global government certifications. But without these standards in place, our continued advancement of military and civilian operations would cease to exist at the federal level. Read More »

Tags: , , , , ,

Cisco congratulates India on becoming a Common Criteria Certificate Issuing Nation

At the 14th International Common Criteria Conference (ICCC) held in Orlando this week, it was announced that India has become a Common Criteria Certificate issuing nation. We congratulate India on this significant achievement and look forward to working closely with the Indian Common Criteria Scheme. For more information on the announcement, see the article “India Earns Authorizing Nation Status for IT Product Testing”.

Tags: , , ,

ICCC 2013: Improving Common Criteria Standards for New Technologies

In order for government and enterprise organizations to keep their data secure from increasingly advanced cyber threats, security solutions and protocols are critical. However, these organizations must ensure that their chosen security solutions meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.

The challenges above are why Common Criteria was created. Common Criteria is an international standard for IT product security and reliability. In fact, many governments will not use security products that don’t meet Common Criteria standards.

This year, the International Common Criteria Conference is being held in Orlando, Florida from September 10-12. The conference is a place for Certification Bodies, Evaluation Laboratories, Researchers, Evaluators, Product Makers and Buyers and Sellers to come together and exchange ideas in order to improve Common Criteria.

Cisco will lead multiple sessions covering topics like Cryptography, Network Device Protection Profiles, Improving Common Criteria and Marketing Common Criteria.

Details on the speaking sessions presented by and in collaboration with Cisco are below:

  • Keynote Speaker: CCUF Perspective

September 11 from 9-9:30AM ET

Alicia Squires, Cisco, CCUF Chair

  • Marketing the New CC

September 11 from 9:30-11AM ET

Moderator: Mark Loepker, NIAP, CCES Chair

Panelists: Joshua Brickman, Oracle; Jen Gilbert, Cisco; Matt Keller, Corsec; Eric Winterton, Booz Allen Hamilton.

  • Entropy Sources – Industry Realities and Evaluation Challenges

September 11 from 10-10:30AM ET

Alicia Squires: CISSP, Product Certification Engineer, Cisco Chair, CCUF Management Group

  • Cryptography and Common Criteria

September 11 from 11:30-12PM ET

Ashit Vora, Manager, Common Criteria Certification, Cisco and Chris Brych, Manager, Security Certifications, SafeNet, Inc.

  • Lessons and Recommendations from Evaluating Against NDPP in Three Different Schemes

September 11 from 5-5:30PM ET

Terrie Diaz, Product Certification Engineer, Cisco and Ashit Vora, Manager, Common Criteria Certification, Cisco

  • Widening the Use of CC for End Users Worldwide

September 12 from 9:30-11AM ET

Moderator: Michele Mullen, Director, ATA, CSEC

Adam Golodner, Director, Global Security & Technology Policy, Cisco; Steve Lipner, Microsoft; Blackberry (INVITED); Ericsson (INVITED)

Tags: , , , , , ,

Invitation to attend a discussion about IT product security and information assurance requirements for the Canadian government

The Common Criteria Users Forum is inviting representatives from Canadian government agencies to participate in a free round-table discussion about how the information assurance requirements of Canadian government agencies can be incorporated in international standards for IT security and the evaluation of IT products.

Specifically, we are hoping to engage individuals who have a working-level understanding of government IT security standards, procurement policies, or certification and accreditation, in a discussion about how Canadian government agencies can provide input into the development of Common Criteria Protection Profiles for IT products.

Note that we will not be discussing specific requirements, it is not a commercial or sales event, and there is no fee or obligation for attending.  While this event is intended for Canada, the CCUF is looking to expand to other geographies.

Common Criteria Users Forum


Date, time, and location:
The meeting is being held on Friday, 17 May 2013 from 10:30 AM to noon, at Oracle, 45
O’Connor St Ottawa, ON K1P 1A4.
10:30 to 10:45 — Welcome and introductions
10:45 to 11:00 — A brief introduction to the Common Criteria and the CCUF
11:00 to noon — Round-table discussion

Read More »

Tags: , , , , , ,

The Role of Common Criteria in Cyber Security

Today more than ever, networks are transforming the way organizations operate and are touching more people through a wider range of devices than ever before. Achieving a secure infrastructure is increasingly complex with today’s mobility, collaboration and cloud services added to the mix. These new capabilities offer much operational efficiency and reduce costs, but they also introduce additional risk to the network.  Read More »

Tags: , , ,