common-criteria – WindowsTechs.com

How can the NDcPP certification report be used to select the suitable equipment for different data classification levels?

Posted on April 11, 2024 by Chandra Perera

Data can be classified differently. How could the NDcPP certification report of a product be used to determine suitable equipment for the required data classification?
For an example, where to look in the NDcPP report to determine the suit… Continue reading How can the NDcPP certification report be used to select the suitable equipment for different data classification levels?→

Does defining "a minimum path length" for certification validation have any security benefit?

Posted on January 31, 2023 by Ebrahim Ghasemi

As you may know, Common Criteria (AKA ISO/IEC15408: A standard for IT Security Evaluation) have provided some security base-line documents named "Protection Profile" for software developers and product manufacturers. Developers a… Continue reading Does defining "a minimum path length" for certification validation have any security benefit?→

Product evaluation model and certification/accreditation

Posted on July 20, 2022 by Ana Maria

I’m studying for CISSP exam and some topics are really tricky for me. One of those is the product evaluation model which is described in several standards (the most recent one is the Common Criteria). Later in the same chapter the definiti… Continue reading Product evaluation model and certification/accreditation→

Product evaluation model and certification/accreditation

Posted on July 20, 2022 by Ana Maria

Validate the conformance of an OpenSSL created certificate with FIPs standards

Posted on December 30, 2021 by DummyBeginner

Trying to test the conformance of the certificates inside our application, with the below requirement:

The application shall [selection: invoke platform-provided
functionality, implement functionality ] to generate asymmetric
cryptographi… Continue reading Validate the conformance of an OpenSSL created certificate with FIPs standards→

Can a software application / OS get past EAL4 if no source code is available

Posted on June 10, 2021 by jonnyjandles

The EAL for Common Criteria are described briefly as:
EAL1: Functionally Tested. …
EAL2: Structurally Tested. …
EAL3: Methodically Tested and Checked. …
EAL4: Methodically Designed, Tested, and Reviewed. …
EAL5: Semi-Formally Desig… Continue reading Can a software application / OS get past EAL4 if no source code is available→

Get original text of Common Criteria protection profile

Posted on March 3, 2021 by displayname

In translated from an English profile, combined from a couple of profiles (I found that one is Protection Profile for Application Software v1.2 of NIAP) I have something like

"TOE security functions must provide for the preliminary
i… Continue reading Get original text of Common Criteria protection profile→

What additional paperwork would be needed to get from EAL4 vertification to EAL7?

Posted on August 9, 2020 by penceyreject

If my product is currently at EAL4, what is the process to get to EAL7? What additional paperwork or requirements would I need to complete?

Continue reading What additional paperwork would be needed to get from EAL4 vertification to EAL7?→

Where do Common Criteria threats, policies, assumptions and objectives come from?

Posted on September 19, 2019 by Eugene Ryabtsev

When reading something dealing with Common Criteria for Information Technology Security Evaluation it is clear where ABC_DEF-type acronyms come from – they are thoroughly described in parts 2 and 3.

But where do Threats, Po… Continue reading Where do Common Criteria threats, policies, assumptions and objectives come from?→

IP Encryptor and Firewall

Posted on May 28, 2019 by R. Sam

Firewalls implement IPsec VPN and perform packet filtering. IP Encryptor, on the other hand implements IPsec VPN and achieve security goals (confidentiality, integrity and authentication).
What are the advantages of IP Encryp… Continue reading IP Encryptor and Firewall→