Difference between revisions of "Common Criteria"

From MgmtWiki
Latest revision as of 10:03, 12 November 2024

Full Title or Meme

Common Criteria International Standards of secure computing and communications.

Context

  • Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R5_marked_changes.pdf)
  • Originally issued in 1996 by the US, UK, Germany, France, Canada and the Netherlands.

Taxonomy

The entire document is filled with jargon of its own making. The linked document (https://www.cs.clemson.edu/course/cpsc420/material/Evaluation/CC.pdf) contains the most interesting terms. Some of them are abstracted below.

  • TOE = target of evaluation: a set of software, firmware and/or hardware, possibly accompanied by guidance.
  • TSF = TOE Security Function. The TSF is a generalization of the TCSEC concept of a TCB (Trusted Computing Base).

Meetings

2024-11-09

Hajj had the pleasure of attending and presenting at the International Common Criteria Conference in Doha, Qatar. It was a milestone event, marking the first time the conference has been held in the Middle East, hosted by #Qatar’s The National Cyber Security Agency. Notably, Qatar is already a member of the Common Criteria Recognition Arrangement (#CCRA), and #Jordan has now joined as well—a remarkable step forward for the region!

Congratulations to Centre for Cybersecurity Belgium, which has also joined the CCRA.

The conference was rich with insightful discussions on a range of significant topics, including updates on certification schemes, #EUCC implementation, the Cyber Resilience Act (#CRA), advances in vulnerability handling, accreditation of Conformity Assessment Bodies (CABs), and the application of Common Criteria (CC) in new domains like automotive security with #ISO21434, #cloud security based on #NIAP cPPs, #5G, and #eIDAS / #QSCD.

Regarding mutual recognition, #CCRA and European Union Agency for Cybersecurity (ENISA) are actively collaborating to establish mutual recognition of EUCC certificates, with the goal of achieving global interoperability.

In my presentation, I focused on optimizing #eUICC certification through EUCC, leveraging the Cryptographic Service Provider (#CSP) for streamlined composite certification. I also highlighted the importance of harmonizing EUCC with #GSMA’s #eSA scheme and using GSMA’s eUICC specifications as supporting evidence in EUCC evaluations.

While the conference showcased significant progress, many challenges remain to be tackled in the coming years.

References