The Common Criteria
Cs5493(7493)
CC: Background
The need for independently evaluated IT
security products and systems led to the
TCSEC Rainbow series
CC: Background
• 1996 - The CC was conceived following the
TCSEC, Rainbow series.
• The Rainbow series was used as a guide and
model for the CC.
• 1997 NIAP is formed (National Information
Assurance Partnership)
• Published in 1998
CC: Background
1999 Adopted by the ISO (International
Standards Organization, ISO-15408)
2000 Evaluations performed by accredited
labs with government oversight and
validation.
2003 NSA Assumes responsibility for CCEVS
(CC Evaluation and Validation Scheme)
CC Purpose
• To provide consistent evaluation standards to
IT products and systems
• To improve the availability of evaluated
security-enhanced IT products and systems.
• To eliminate duplicating evaluations of IT
products and systems.
• To improve the efficiency and cost-effectiveness of the evaluation process.
CC
The CC does not define the features of an IT
product
The CC does not require the product itself be
secure
The CC is a common framework for an
evaluation process.
CC
By placing focus on security evaluation
process, and not on the actual product design,
vendors can keep their technology
proprietary.
The CC Process
IT products are organized into categories:
http://www.commoncriteriaportal.org/products
The CC Process
The CC process is centered around an IT
product referred to as the Target Of
Evaluation: TOE.
The CC Process is determined for the TOE by
three documents:
1. The Protection Profile (PP)
2. The Security Target (ST)
3. The Certification/Validation Report
CC General Requirements
• Functional security requirements – define
desired security behavior.
• Assurance requirements – indicate that claimed
security measures are effective and
implemented correctly.
The CC Process: Protection Profile
Each IT category has at least one document
describing the functional and assurance
security requirements. These documents are
known as Protection Profiles
CC: Protection Profile
Created by a user, user community,
laboratory, etc.
NIAP is currently working on a standard
protection profile for each technology
category.
CC : Protection Profile
Contains a description of threats
Security objectives
Security functional requirements
Security assurance requirements
etc
CC : Security Target
The Security Target (ST) document is usually
written by the developer/vendor of the IT
product.
CC : Security Target
The document contains information on how
the TOE fulfills the security objectives outlined
in the PP.
CC : Evaluation
• The evaluation process is used to determine if
the security target (ST) is satisfied for the
target of evaluation (TOE).
• The TOE developer requests the evaluation.
• Evaluation only occurs when the product is
complete
• Cost of the evaluation is negotiated between
the developer and the evaluator.
CC : Evaluations
A validation/certification report documents
the evaluation findings.
CC : Validation
Validation for the TOE comes in the form of a
Validation/Certification Report.
The Validation report assigns an EAL to the
TOE.
CC : EAL
Evaluation Assurance Levels
Levels 1 through 7
The EALs reflect the degree of confidence a
user can have in the performance of the TOE
EAL 1 evaluations are no longer done by accredited
labs
EAL 2 through 4 are assigned by one of the
accredited labs
EAL 4+ are assigned by the NSA
CC : EAL
EAL 1-4 do not require evaluation of the
software, only the development process
EAL 4+ require more rigorous design
evaluation.
CC Sustainability Cycle
– Revisions are required as vulnerabilities are
discovered
– Each revision may require re-evaluation
Accredited Evaluators
NIST accredits the evaluators
There are 15 countries that have accredited
evaluators.
There are 11 other countries that support
the CC standards.