Computer evaluation certification is an international IT software and operating system security certification process in which software and operating systems are evaluated by private, third-party organizations to assign a computer security rating established according to "Common Criteria" guidelines for safety, stability and reliability.
Once the software or operating system has been evaluated and assigned a level, the certification must be reevaluated with each new release or system security upgrade; a new level is then assigned by the third-party evaluator.
Instructions
1) Select an approved Common Criteria third-party evaluator to evaluate your software or operating system.
Evaluators approved by the Common Criteria Evaluation and Validation Scheme (CCEVS) standards as of December 2010 are Arca CCT, Atsec Information Security Corporation, Booz Allen Hamilton Common Criteria Testing Laboratory, COACT Inc. CAFE Laboratory, Computer Sciences Corporation, CygnaCom Solutions, Inc, DSD Information Assurance Laboratory (DIAL), InfoGard Laboratories, Inc. and SAIC Common Criteria Testing Laboratory. The creator of the software or operating system is responsible for the evaluation costs, which can be expensive.
Evaluators approved by the Common Criteria Evaluation and Validation Scheme (CCEVS) standards as of December 2010 are Arca CCT, Atsec Information Security Corporation, Booz Allen Hamilton Common Criteria Testing Laboratory, COACT Inc. CAFE Laboratory, Computer Sciences Corporation, CygnaCom Solutions, Inc, DSD Information Assurance Laboratory (DIAL), InfoGard Laboratories, Inc. and SAIC Common Criteria Testing Laboratory. The creator of the software or operating system is responsible for the evaluation costs, which can be expensive.
2) Prepare the mandatory technical documents and the guidance documents required by the Common Criteria evaluation procedures and submit them to the third-party evaluation team.
You should probably hire a consultant familiar with the Common Criteria language and evaluation criteria to assist in creating these documents if your team is not familiar with Common Criteria evaluation process.
You should probably hire a consultant familiar with the Common Criteria language and evaluation criteria to assist in creating these documents if your team is not familiar with Common Criteria evaluation process.
3) Apply to an approved Common Criteria third-party evaluator for your software or operating system to be reevaluated upon each new release or security update.
You can ask for permission to reuse most of the previous evaluations data; if approved, this can significantly shorten the time to approval of a new version or release of a product and lessen the cost of reevaluation.
You can ask for permission to reuse most of the previous evaluations data; if approved, this can significantly shorten the time to approval of a new version or release of a product and lessen the cost of reevaluation.
Posted in: Password Security,PC Support,Technical Support,TechSupp 247
0 comments:
Post a Comment