It\u2019s always great to get together with others from our industry to discuss advances and collaborate on moving processes forward for Common Criteria. Last month, several of us had the opportunity to work with colleagues from around the world at two separate events in Orlando, Florida.<\/p>\n
A group of us spent the first two weeks of September in Orlando, as Corsec sent multiple attendees to both the 4th<\/sup> Joint CCDB\/CCUF Workshop<\/a> and the 14th<\/sup> International Common Criteria Conference this year.<\/span><\/p>\n What is the Joint Workshop?<\/b><\/p>\n The Common Criteria Development Board (CCDB) is made up of representatives from the 17 certificate producing nations in the Common Criteria Recognition Agreement (CCRA). The CCDB meets twice a year, and in February 2012, the CCDB invited \u201cindustry\u201d to join them in Tokyo, Japan for the first Joint Workshop.\u00a0 Corsec was one of 15 consultants, labs, and vendors that attended the first workshop. A key part of these workshops is a set of scheduled discussion sessions for the CCDB and Common Criteria User Forum (CCUF). The CCDB can ask the CCUF questions and ask the CCUF to consider working on specific areas to help move Common Criteria forward and vice versa with CCUF asking the CCDB the same things. The Joint Workshops that followed Tokyo had increasing attendance:<\/p>\n The 4th<\/sup> Joint Workshop was an even bigger success, with approximately 80 industry attendees, and several Technical Communities (TC) and Technical Working Groups (TWG) meeting to advance their goals. The attendees were from many different nations and included consultants, evaluation labs, product vendors, scheme representatives and some other interested parties. The 4th<\/sup> Joint Workshop did several new things to improve the collaboration and the output. While the workshops have always had a focus on discussion (not presentations) and producing some output or work product from each session, this workshop focused on giving TCs and TWGs longer periods of time to work towards producing their work product.\u00a0 Throughout the four-day workshop, there were at least three and sometimes four separate tracks focusing on different tasks. Some TCs or TWGs were given two to three hours, others were allocated an entire eight-hour day. Also new for this Joint Workshop was time allocated for multi-hour joint working sessions attended by both members of the CCDB and the CCUF. They worked collaboratively on four key topics to move the Common Criteria forward.<\/p>\n Technical Communities<\/b><\/p>\n TCs are an international group of product developers, consultants, evaluation labs, government schemes, and other participants working to author one or several CC protection profiles in a specific security product space. TCs for several product areas met during the week, including:<\/p>\n Technical Working Groups<\/b><\/p>\n TWGs are open to the same participants as the TCs but focus on a specific task needed to move the Common Criteria or the CCUF forward. There are TWGs working on many topics including:<\/p>\n US \u2013 CNSSP#11<\/b><\/p>\n One session that was particularly interesting was a session co-hosted by a National Information Assurance Partnership (NIAP) representative to discuss the United States\u2019 information assurance product acquisition policy, Committee on National Security Systems Policy (CNSSP) #11<\/a> . The policy specifically requires information assurance products acquired for National Security Systems to be Common Criteria and FIPS 140-2 validated. NIAP clarified that products currently listed on the NIAP-maintained Product Compliant List (PCL), on the NIAP-maintained Validated Products List (VPL), and the Common Criteria Portal maintained Certified Product List all currently meet the criteria for purchase.\u00a0 Many other details of this acquisition policy were discussed.<\/p>\n\n
\n
\n