1 Andrzej Białas Barbara Flisiuk Institute of Innovative Technologies EMAG IT SECURITY DEVELOPMENT PROCESS IN THE EXPERIMENTAL SECLAB DEVELOPMENT ENVIRONMENT Introduction The paper concerns one of three major processes of ISO/IEC Common Criteria methodology: IT security development process dealing with analysis of an IT product security and workout of security functions which are implemented in product at its successive development stages. Particularly, paper describes how this process is organized in experimental laboratory SecLab of EMAG Institute, i.e. on basis of specially prepared patterns and with support of a dedicated tool. SecLab makes use of products which were developed in course of CCMODE project (Common Criteria compliant Modular Open IT security Development Environment) [CCMODE] completed by EMAG Institute. The CCMODE project resulted in following: patterns for constructing elements of a development environment, including patterns of so called evaluation evidences, a method to implement patterns while constructing environment, software which supports environment implementation process and manages this environment during its exploitation CCMODE Tools, know-how necessary to implement and exploit environment. The efficiency and quality of IT security development process can be significantly improved by design patterns, common knowledge source and specialized software which supports development process. CCMODE products were developed for businesses which construct ir own development environments for IT products. The SecLab laboratory demonstrates how to build such environments and how to exploit m properly and efficiently.
2 26 Andrzej Białas, Barbara Flisiuk Rigorous processes of Common Criteria (CC) standard [CC1-3, CCPortal] have been stipulated to ensure reliability of IT products. Here reliability has been replaced by a more adequate term assurance. Assurance means that when a certain threat occurs, IT product will be able to perform its security objectives. In or words, security measures will work and will properly protect attacked asset. Assurance is measured by Evaluation Assurance Levels (EAL), from EAL1 (min.) to EAL7 (max.). The reliability of applied security measures is a matter of utmost importance for IT products which are to be used in high-risk operational environments (with real, serious threats and high value of processed information or provided IT services). The paper is an extension of [BiaFli14] which featured standards that are basis of SecLab laboratory, its organization, tools worked out within CCMODE project and used for development of IT products, tools and methods to protect data related to projects carried out in SecLab, and sample projects completed re. The paper demonstrates how IT security development process, basic CC-methodology process, is carried out on basis of patterns. The process comprises analysis of IT product usability, its operational environment and risk factors. This way security requirements can be worked out and implemented in form of IT product security functions. The paper gives brief characteristics of three basic processes of Common Criteria (section Processes of Common Criteria methodology). Against this background subprocesses of IT security development process are described (section Implementation of IT security development process in SecLab). In conclusions, furr steps are mentioned leading to implementation of security functions in a concrete IT product. Before reading paper readers are recommended to have a look at publications [Hig10, Her03, Bia11a, Bia12] or or sources of knowledge about Common Criteria methodology [CCPortal, CCMODE]. Processes of Common Criteria methodology The processes of Common Criteria methodology were extensively presented in form of formal models in monograph [Bia08]. Therefore description provided in this paper is a shortened illustration of issue. Here it is important to note that due to assumed future evaluation and certification, IT product is called TOE (Target of evaluation) in nomenclature of CC standard.
3 IT SECURITY DEVELOPMENT PROCESS 27 The CC methodology comprises three basic processes: IT security development process; after different security analyses re is a document prepared, called Security Target (ST); TOE development process, including preparation of TOE documentation; IT security evaluation process carried out in an independent, accredited laboratory in a country which implemented CC standard and signed Common Criteria Recognition Arrangement (CCRA) [CCPortal]. According to Common Criteria methodology, Security Target document, which is worked out in course of IT security development process, defines TOE security functions (TSFs). TSFs are in compliance with Security functional requirements (SFRs) identified for IT product. These functions are later implemented in IT product during TOE development process, in compliance with EAL declared for TOE. During TOE development process re is quite exhaustive documentation produced, which is in accordance with Security assurance requirements (SARs) [Bia14]. The documentation is an extension of Security Target and plays a role of evaluation evidences produced for purposes of third process IT security evaluation. In this paper authors focus on first of three above mentioned processes and its subprocesses. The process execution was presented in experimental development environment of SecLab with use of design patterns and a supporting tool described in [BiaFli14]. Implementation of IT security development process in SecLab The process of developing a Security Target for IT product (TOE) includes a number of activities specified in Common Criteria documents. The key activities can be grouped into seven basic subprocesses: featured in Figure 1 and presented in successive subchapters.
4 28 Andrzej Białas, Barbara Flisiuk Fig. 1. IT security development process Figure 1 presents main succession of operations. In reality process is carried out incrementally with possible returns to any subprocesses. The Security Target document is a result of IT security development process. The document structure and content are determined in [CC1-3]/part1 and in components of ASE (Security target evaluation) class [CC1-3]/part3. Within CCMODE project re was an STp pattern (Security target pattern) prepared for IT security development process. The STp pattern has a form of an MS Word template Figure 2. It can be used with this editor or with GenDoc application which is one of main modules of CCMODE Tools. This toolset broadly supports Common Criteria methodology, including IT security development processes [Rog14].
5 IT SECURITY DEV VELOPMENT PRO OCESS 29 Fig. 2. Security Target pattern in CCM MODE Tools GenDoc appl lication Source: EMAG s documentation, On left side of Figure 2 re is a hierarchical, formalized structure of ST document. For high hlighted Security problem definition, its basic sec- tions were pres ented in right window. During IT security development process all elements of structure are filled with conten abou ut developed IT pro oduct (TO OE). In order to defi ne content, it is necessary to conduct a number of more or lesss complex analysess and rationales. Some of m require many knowledge sources and specialized supporting tools. In bottom part of GenDoc application window (Figure 2), its quick- access functions are shown, including accesss to external knowledge sources and knowledge base of CCM MODE Tools. While working on ST and o er documents, developer gets some hints how to present a give en issue in com m- pliance with CC standardd and sometimes even ready-to-use ir disposal a tool in form of Enterprise Arch hitect EA plugin. It helps to model in UML language and solve complex security issuess in realm of Common Criteria methodology. phrases are prompted. To carry out form malized taskss developers have at
6 30 Andrzej Białas, Barbara Flisi iuk Figure 3 presents a part of security model ( seee subsections: Security problem analysis and definition, Secu urity objectives elaboration) of an intelligent sensor for mining. Fig. 3. IT security development process Source: EMAG s documentation, Please note stereotyped UML classes representing threats (T), organiza- tional security policies (OSP), assumptions (A), security objectives for TOE (O), security objectives for TOE environment (OE), and relationships be- tween m. Alll security analyses are conducted with use of above men n- tioned EA plugin. The results of s se analyses are transferred, with help of GenDoc application, to Secu urity Target fields. A part of conten is worked out by developer, or is collected from database of tool. In SecL Lab laboratory IT security development process is performed by dev velopers with use of CCMODE Toolset [BiaFli14, Bia a12, Rog14]. The basic applied pattern is Security target pattern (STp). This pattern is indis- pensable when Security Target is prepared from scratch, on basiss of user s requirements (a typical development path) ). The remaining patterns listed in section 4 of [ BiaFli14] can be appl lied in special cases. Below r re is a simplified presentation of seve en subprocessess of IT se- curity development process. The sub bprocessess are performed on basis s of STp pattern. IT prod duct anal lysis and identification The first subprocesss comprises analysis of IT product and working out its informal description acc cording to CC requ uirements. First developer compiles different kinds of auxiliary management in- formation for who ole project (IDs of project and TOE, dates, versions, au-
7 IT SECURITY DEVELOPMENT PROCESS 31 thors, etc.) and n prepares a section of Security Target called TOE overview. This section helps potential clients, who go through list of evaluated products [CCPortal], to check wher developed TOE will meet ir requirements and wher it will be compatible with hardware and software y use. The TOE overview includes: use and major security features of TOE presents possibilities of TOE in terms of security and how to use m, in a language friendly to potential clients, e.g. for a firewall project: MyFWL Firewall, version 1.9, enables to control movement of packages between a public network and a protected private network on level of IP address and port numbers. The firewall also serves as a proxy. It has embedded mechanisms for events registration and for management by administrator ; TOE type according to general IT product taxonomy [CCPortal], e.g.: firewall, VPN-firewall, smart card, crypto-modem, intranet, web server, database, web server and database, LAN, LAN with web server and database, etc.; required non-toe hardware/software/firmware specifies hardware and software which should work in TOE environment, e.g. if TOE is an application se can be minimal requirements about computer and operating system on which this application works. More detailed information for evaluators and potential users concerning structure and possibilities of TOE are placed in next section TOE description, which is focused on two issues: physical scope of TOE specification of hardware elements, software, firmware and documentation which make up TOE; it is important to point wher given element is a part of TOE or TOE environment; logical scope of TOE features/functionalities of TOE related to security and described as logical components; it is necessary to demonstrate wher or not given feature/functionality belongs to TOE. The above results of IT product analysis are placed in ST Introduction section of Security Target as identifiers and informal descriptors. Conformance claims preparation Conformance claims express IT product compliance with proper version of CC standard and with security requirements contained in protection profiles (previously evaluated set of requirements given Security Target must comply with). More importantly, however, conformance claims declare EAL for developed IT product. The developer should prepare proper declarations. The TOE de-
8 32 Andrzej Białas, Barbara Flisiuk velopment process will be carried out according to rigour determined in Security assurance components (SARs) for declared EAL [Bia14]. Security problem analysis and definition Once IT product is defined in terms of its usability, developer performs main operations of IT security development process. They begin from analysis of IT product security, which is to prepare a section of Security Target called Security Problem Definition (SPD). SPD can have an informal or semiformal character. In latter case, which is a more precise one, so called generics are used as specification means. Generics are also applied in successive subprocesses: to specify security objectives and TOE security functions. The features of generics are equal to semiformal SFR and SAR components. The issue of specification means, including generics and ir models in UML and OWL, is exhaustively discussed in [Bia11a, Bia11b, Bia10a, Bia10b, Bia10c, Bia09]. The first operation of SPD subprocess is identification of assets. According to Common Criteria methodology, TOE contains two groups of assets: users assets, such as: memory, electronic media, external devices, transmission lines and devices with ir bands, computing power, etc.; se assets are used in production, processing and information transfer, assets which ensure TOE security, related to its security functions (TSF), e.g. auntication data, cryptographic keys, secrets, assets attributes. Elementary assets have two forms: active entities, i.e. assets which initiate operations inside TOE or on TOE information; y are called subjects (here: Sxx), passive entities, i.e. assets which are only source from which information is taken or serve as a place for storing information; y are called objects or data and or assets (here: DAx) and are target of operations initiated by subjects. Assets protected by TOE can be placed inside or outside TOE. The following generic is a sample elementary description of a protected asset: DAE.ProtNet. Hosts, workstations, ir data and services on private network protected by firewall. The asset is defined by means of mnemonics of ProNet generic (Protected network). The mnemonics is specified in generic description ( text following dot). The type of generic DAE prefix shows that protected assets are placed in TOE environment.
9 IT SECURITY DEVELOPMENT PROCESS 33 For assets, authorized (SAU) subjects are identified, e.g.: SAU.FullAccAdmin. TOE administrator, having full access rights. or unauthorized (SNA), e.g.: SNA.HighPotenIntrud. Intruder having high level skills, enough resources and deep motivation to perform a deliberate attack. Anor operation, key one of SPD, is identification of threats and ir description by means of threat generics (Txx): TDA.IllegAcc. An attacker [Sparam <= SNA.HighPotenIntrud] on hostile network may exploit flaws in service implementations (e.g. using a well known port number for a protocol or than one defined to use that port) to gain access to hosts or services [DAparam <= DAE.ProtNet]. The TDA prefix refers to all threats which are direct attacks. In description of generic re are two parameters: Sparam and DAparam. They represent, respectively, generic which describes subject: SNA.HighPotenIntrud (here so called threat agent) and data and or assets : DAE.ProtNet (here assets protected by firewall). The security problem can be expressed by means of threats specification for assets (as above) or by means of Organizational Security Policies (OSPs), which are expressed by generics too. While specifying threats or OSPs, certain assumptions are made (Axx) for TOE environment, connections, users and ir behaviours also expressed by generics, e.g.: AC.DualHomed. The firewall has separate network adapters for all network connections. The DualHomed generic, concerning connectivity aspects (AC), describes general structure of firewall. SPD is result of subprocess described here. It presents, in a concise and coherent way, security problem for developer to solve. Security objectives elaboration Anor subprocess is security objectives elaboration whose target is to solve security problem and present solution in form of a security objectives set. This can be done in an informal way, however, a more precise, semiformal approach is recommended with use of generics to specify security objectives. The security objectives define future security measures in an abstract manner and are formulated for TOE O subset (TOE responsibility for solving elementary security problem) or for environment OE subset (environment responsibility). Many categories of objectives were defined in relation to applied groups of security measures.
10 34 Andrzej Białas, Barbara Flisiuk Here is an example of an objective which solves an elementary problem TDA.IllegAcc: OACC.LmtIPAddr. The firewall enforces access control by limiting valid range of addresses expected on each of private and hostile networks (i.e. an external host cannot spoof an internal host). The OACC prefix represents a category of objectives related to access control. It is formulated for TOE, which means that its access control mechanism will be implemented in TOE as one of its TSFs. This objective is supported by anor one for TOE environment: OSMN.SecConfManag. Security-relevant configuration management. Managing and updating system security policy data and enforcement functions, and or security-relevant configuration data, in accordance with organizational security policies. Its performance will take place outside TOE (it will not be specified to form of a TOE security function). The OSMN prefix expresses a category of objectives which refer to security management. The objectives have to solve fully previously identified security problem (SPD). All SPD elements have to be covered by objectives ( problem solved) and neir of objectives is redundant ( solution is effective). Each of such facts has to be justified. The subprocess results in a coherent and justified security objectives specification with objectives divided into those fulfilled by TOE and those by TOE environment. Extended components definition It is possible for developers to define ir own components provided that ir form is in compliance with one given by Common Criteria. This rare situation occurs when neir of components described in standard is able to express specific needs of developer. For example, applications which generate cryptographic keys need a generator of random numbers. In CC catalogues re are no proper SFR components for this generator to assess quality (entropy) of generated random numbers. If such a component needs to be used in ST specification, it has to be defined first. This is objective of subprocess described here.
11 IT SECURITY DEVELOPMENT PROCESS 35 Security functional and assurance requirements elaboration Security objectives represent elementary solutions to security problems. They can be expressed in an informal or semiformal (more precise) way. However, y will be always expressed in natural language of developers, which can be interpreted quite freely. That is why it is necessary to translate this specification into a unified language defined in Common Criteria, i.e. to express security objectives by means of functional components security functional requirements (SFRs). For example, TOE objective OACC.LmtIPAddr meets requirements expressed by two functional components: FDP_ACF.1 Security attribute based access control. FDP_ACC.2 Complete access control. The FDP class of functional components described in [CC1-3]/part2 signifies User data protection, while its family FDP_ACF describes access control functions and FDP_ACC access policy rules. The identified SFR components can have ir dependent components which need to be analyzed too, eir attached to basic ones or rejected (with justification). To put it simply, subprocess of security functional and assurance requirements elaboration is equal to finding an SFR for each TOE security objective. The specification needs precise justification. The choice of SAR components results from an arbitrarily declared EAL. TOE security functions workout The last subprocess of IT security development is TOE security functions workout. The developer defines a set of TOE security functions to be implemented in IT product according to security assurance requirements complying with declared EAL. In method applied here, SFR requirements are grouped around security objectives related to TOE, conflicts and overlappings are solved, common parts of groups are identified and, on this basis, a set of TOE security functions is formulated. For example, for firewall project [Bia08, Bia09] following six TSFs were identified: TSF.LmtIPAddr. Function responsible for IP address control between hostile and protected networks, using: apparent source IP address or host name and destination IP address or host name.
12 36 Andrzej Białas, Barbara Flisiuk TSF.LmtPortHost. Function responsible for port number control between hostile and protected networks, using apparent source port number and destination port number. TSF.OnProxyAuth. Function responsible for auntication of end user prior to establishing a through connection for specified services. TSF.AdminAuth. Function responsible for firewall administrator access control, ensuring that only authorized [Sparam <= SAU.FullAccAdmin] are able to access firewall functionality. The detailed functionality: system login (identification, auntication), administrator accountability, logout. TSF.Audit facilities. Function responsible for recording security related events and its management for audit purposes. These events may concern: IP addresses limitation, port number limitation, users auntication on proxy for selected network services, administrator s login, operations, and logout. TSF.FirewallManagement. Function responsible for effective management of TOE and its security functions. The firewall administrator [Sparam <= SAU.FullAccAdmin], and only firewall administrator, can perform following functions: display and modify firewall access control parameters, initialize and modify user auntication data, display and modify user attributes, select events to be audited, identify subset of auditable events deemed to indicate a possible or imminent security violation, associate separate auntication mechanisms with specific auntication events, verify integrity of firewall. The TSF specification is final phase of security development process which results in preparation of Security Target. Conclusions The paper provides extended information about Common Criteria methodology and its implementation in SecLab laboratory described in [BiaFli14]. The paper is focused on one of three main processes of CC methodology, i.e. IT security development process. The objective of this process is to analyze security of IT product and to work out security requirements for it. These security requirements are expressed in form of TOE security functions. The result of IT security development process is Security Target document. TSF functions behave like black boxes whose contents will be worked out during TOE development process. The result of this process will be a detailed project of IT product. As this is quite an exhaustive issue, it will be presented in a separate work [Bia14].
13 IT SECURITY DEVELOPMENT PROCESS 37 SecLab is an experimental environment for development of IT products in compliance with Common Criteria methodology. SecLab was equipped with patterns of processes and documents, implemented in CCMODE Tools specialized software. The objective of se operations is to improve quality and efficiency of development process and, this way, to increase chances for positive certification of IT product. References [Bia11b] Białas A.: Common Criteria Related Security Design Patterns for Intelligent Sensors Knowledge Engineering-Based Implementation. Sensors 2011, 11, , available at: [Bia10a] Białas A.: Common Criteria Related Security Design Patterns Validation on Intelligent Sensor Example Designed for Mine Environment. Sensors 2010, 10, , available at: [Bia10b] Białas A.: Intelligent Sensors Security. Sensors 2010, 10, , available at: [Bia10c] Białas A.: Patterns-based Development of IT Security Evaluation Evidences. The 11th International Common Criteria Conference, Antalya, September 2010 (published in an electronic version), [Bia14] Białas A.: Common Criteria Compliant IT Product Development in Experimental SecLab Laboratory. In: M. Pańkowska, J. Palonka, H. Sroka (eds.): Ambient Technologies and Creativity Support Systems. Uniwersytet Ekonomiczny, Katowice [Bia12] Białas A. (ed): Komputerowe wspomaganie procesu rozwoju produktów informatycznych o podwyższonych wymaganiach bezpieczeństwa (Computer Support for Development of IT Products of Enhanced Security). Wydawnictwo Instytutu Technik Innowacyjnych EMAG, financed by UE POIG 1.3.1, Katowice [Bia08] Białas A.: Semiformal Common Criteria Compliant IT Security Development Framework. Studia Informatica 2008, Vol. 29, No 2B(77), Silesian University of Technology Press, Gliwice. [Bia11a] Białas A. (ed.): Zastosowanie wzorców projektowych w konstruowaniu zabezpieczeń informatycznych zgodnych ze standardem Common Criteria (Design Patterns for Development of IT Security in Compliance with Common Criteria). Wydawnictwo Instytutu Technik Innowacyjnych EMAG, financed by UE POIG 1.3.1, Katowice 2011.
14 38 Andrzej Białas, Barbara Flisiuk [Bia09] Białas A.: Validation of Specification Means Ontology on Simple Firewall Case. In: H. Arabnia, K. Daimi (eds.). Proceedings of 2009 International Conference on Security and Management (The World Congress in Applied Computing SAM 09: July 13-16, Las Vegas, USA), Vol. I, 2009, Publisher: CSREA Press, pp [BiaFli14] Białas A., Flisiuk B.: Specialized Development Environments for Security-enhanced IT Products and Systems. In: M. Pańkowska, J. Palonka, H. Sroka (eds.): Ambient Technologies and Creativity Support Systems. Uniwersytet Ekonomiczny, Katowice [CCMODE] CCMODE (Common Criteria compliant, Modular, Open IT security Development Environment). [CC1-3] Common Criteria for IT Security Evaluation, part 1-3. v [CCPortal] Common Criteria Portal [Her03] Hermann D.S.: Using Common Criteria for IT Security Evaluation. CRC Press: Boca Raton, FL, USA, [Hig10] Higaki W.H.: Successful Common Criteria Evaluation. A Practical Guide for Vendors. Copyright 2010 by Wesley Hisao Higaki, Lexington, KY PROCES ROZWOJU BEZPIECZEŃSTWA IT W EKSPERYMENTALNYM ŚRODOWISKU ROZWOJU SECLAB Streszczenie Artykuł zawiera krótką charakterystykę trzech podstawowych procesów podejścia Common Criteria. Autorzy opisują, jak proces rozwoju bezpieczeństwa technologii informacji jest zorganizowany w eksperymentalnym laboratorium SecLab w Instytucie EMAG. Badany proces obejmuje analizę użyteczności produktu informatycznego, opis jego środowiska działania i czynniki ryzyka. Prowadząc analizę w ten sposób, autorzy opracowują specyfikację wymagań i dokonują wdrożenia funkcji bezpieczeństwa produktu informatycznego. W części obejmującej wnioski końcowe autorzy przedstawiają dalsze kroki wdrażania funkcji bezpieczeństwa w odniesieniu do konkretnych produktów informatycznych.
Andrzej Białas Barbara Flisiuk Institute of Innovative Technologies EMAG SPECIALIZED DEVELOPMENT ENVIRONMENTS FOR SECURITY-ENHANCED IT PRODUCTS AND SYSTEMS Introduction The paper concerns the issue how
Supporting Document Mandatory Technical Document Evaluation Activities for Stateful Traffic Filter Firewalls cpp February-2015 Version 1.0 CCDB-2015-01-002 Foreword This is a supporting document, intended
Certification Report EAL 3+ Evaluation of AccessData Cyber Intelligence and Response Technology v2.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria
for smart cards and similar devices Document purpose: provide requirements to developers and guidance to evaluators to fulfill the Security Architecture requirements of CC V3 ADV_ARC family. Version 2.0
Supporting Document Guidance Security Architecture requirements (ADV_ARC) for smart cards and similar devices April 2012 Version 2.0 CCDB-2012-04-003 Foreword This is a supporting document, intended to
Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition Version 1-0 7 February 2011 2011 Citrix Systems, Inc. All rights reserved. Summary of Amendments Version 1-0 7
Template: CSEC_mall_doc.dot, 7.0 Ärendetyp: 6 Diarienummer: 14FMV10188-21:1 Dokument ID CB-015 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2015-06-12 Country of origin: Sweden Försvarets
Common Criteria Introduction 2014-02-24 Emilie Barse Magnus Ahlbin 1 Magnus Ahlbin Head of EC/ITSEF Information and Security Combitech AB SE-351 80 Växjö Sweden firstname.lastname@example.org www.combitech.se
Certification Report EAL 3+ Evaluation of Rapid7 Nexpose Vulnerability Management and Penetration Testing System V5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian
Common Criteria Security Target for Citrix XenDesktop 5.6 Platinum edition Version 1-1 16 November 2012 2012 Citrix Systems, Inc. All rights reserved Summary of Amendments Version Date Notes 1-1 16 November
Certification Report EAL 4+ Evaluation of WatchGuard Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
Certification Report Symantec Network Access Control Version 12.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme
Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation
Extended Package for Mobile Device Management Agents 31 December 2014 Version 2.0 REVISION HISTORY Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 February 2014 Typographical changes
Certification Report EAL 4+ Evaluation of Netezza Performance Server v4.6.5 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
Certification Report EAL 3+ Evaluation of Extreme Networks ExtremeXOS Network Operating System v188.8.131.52 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria
Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification
C038 Certification Report TAXSAYA Online File name: Version: v1a Date of document: 15 August 2013 Document classification: For general inquiry about us or our services, please email: email@example.com
Certification Report HP Universal CMDB and Universal Discovery v10.21 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
Certification Report EAL 4+ Evaluation of BlackBerry Enterprise Server version 5.0.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
Certification Report HP Network Automation Ultimate Edition 10.10 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
KECS-CR-16-36 Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report Certification No.: KECS-PP-0717-2016 2016. 6. 10 IT Security Certification Center History of Creation
TNO report PP-Software Based Personal Firewall-1.2 Low Assurance Protection Profile for a Software Based Personal Firewall for home Internet use Version 1.2 Date 6 th April 2005 Author(s) Rob Hunter Dirk-Jan
Common Criteria v 3.1 Tutorial part I 9ICCC Korea,, 24/09/2008 1 Contents a. IT Security Evaluations b.the Common Criteria c. Key Concepts d.security Specifications 2 IT Security Evaluations The security
122-B CERTIFICATION REPORT No. CRP250 Business Intelligence Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on update 5 Issue 1.0 June 2009 Crown Copyright 2009 All Rights Reserved Reproduction
Low Assurance Security Target for a Cisco VoIP Telephony System Security Target Version 1.6 March 14, 2005 Document Control Preparation Action Name Date Prepared by: Rob Hunter of TNO-ITSEF BV on behalf
Certification Report McAfee Enterprise Mobility Management 12.0 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
Certification Report EAL 2+ Evaluation of Symantec Endpoint Protection Version 11.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
Certification Report Trustwave Network Access Control (NAC) Version 4.1 and Central Manager Software Version 4.1 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria
17 Security Standards Over the past 10 years security standards have come a long way from the original Rainbow Book series that was created by the US Department of Defense and used to define an information
Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/70 23 November 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5 Security Target Evaluation Assurance Level: EAL2 Augmented with ALC_FLR.1 Document Version: 0.7 Prepared for: Prepared by: RSA, The
Certification Report EAL 2+ Evaluation of Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications
Computer and Network Security Common Criteria R. E. Newman Computer & Information Sciences & Engineering University Of Florida Gainesville, Florida 32611-6120 firstname.lastname@example.org Common Criteria Consistent
COMMON CRITERIA CERTIFICATION REPORT EMC Data Domain version 5.5 Date: 30 June 2016 Version: 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be altered,
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
Certification Report EAL 2+ Evaluation of McAfee Email and Web Security Appliance Version 5.5 Patch 2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria
Firewall Protection Profile V2.0 2008. 4. 24 (This page left blank on purpose for double-side printing) Protection Profile Title Firewall Protection Profile for Government Evaluation Criteria Version This
Certification Report McAfee Network Security Platform M-Series and NS- Series Sensors Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification
S Information Technology Security Evaluation Criteria ITSEC Joint Interpretation Library (ITSEC JIL) Version 2.0 November 1998 This document is paginated from i to vi and from 1 to 65 ITSEC Joint Interpretation
Marimba Client and Server Management from BMC Software Release 6.0.3 Version 2.3.0 4 June, 2007 Prepared by: BMC Software, Inc. 2101 City West Blvd. Houston, Texas 77042 TABLE OF CONTENTS 1. Introduction...
Secuware Virtual System (SVS) SECURITY TARGET EAL2 Copyright 2008 by SECUWARE All rights reserved. The information in this document is exclusive property of SECUWARE and may not be changed without express
Writing a Protection Profile for a Security Service Package Donald Marks, John Hale Center for Information Security University of Tulsa Donaldemail@example.com Johnfirstname.lastname@example.org email@example.com Disclaimer
C013 Certification Report VirtualEye v5.0 File name: Version: v1a Date of document: 8 March 2011 Document classification: For general inquiry about us or our services, please email: firstname.lastname@example.org
Mobile Billing System Security Target Common Criteria: EAL1 Version 1.2 25 MAY 11 Document management Document identification Document ID Document title Product version IDV_EAL1_ASE IDOTTV Mobile Billing
Security Target Microsoft SQL Server Team Author: Roger French Version: 1.27 Date 2008-07-23 File Name: MS_SQL_ST_1.27 Abstract This document is the Security Target (ST) for the Common Criteria evaluation
Certification Report EAL 4+ Evaluation of ncipher nshield Family of Hardware Security Modules Firmware Version 2.33.60 Issued by: Communications Security Establishment Canada Certification Body Canadian
Version 1.0 14.September 2008 BSI-DSZ-CC-0511 All Rights Reserved Copyright Fujitsu Limited 2008 this page was intentionally left blank 14.September 2008 All Rights Reserved Copyright Fujitsu Limited 2008
Intelligent Windows Management Common Criteria Security Target For 1E Power and Patch Management Pack 30 September 2009 Document Version 1-0 1E Limited. All Rights reserved. Summary of Amendments Version
Identity Management Protection Profile IMPP BSI-PP-0024 Version Number 1.17 Date: January 12, 2006 Status: Final Author: David Ochel Owner: Brian Matthiesen Note: This document will become a public document
C H A P T E R 12 System Assurance 169 The aim of system assurance is to verify that a system enforces a desired set of security goals. For example, we would like to know that a new operating system that
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Protection Profile for Software Full Disk Encryption, Version 1.1 Report Number: CCEVS-VR-PP-0003
Security Target McAfee Enterprise Mobility Management 12.0 Document Version 1.16 September 17, 2014 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 Primasec Ltd
KECS-CR-15-73 SAMSUNG SDS FIDO Server Solution V1.1 Certification Report Certification No.: KECS-ISIS-0645-2015 2015. 9. 10 IT Security Certification Center History of Creation and Revision No. Date Revised
EAL4+ Security Target Common Criteria: EAL4 augmented with ALC_FLR.3 Version 1.0 21-DEC-10 Document management Document identification Document ID Document title Release authority E14_EAL4_ASE Microsoft
Microsoft SQL Server 2012 Database Engine Common Criteria Evaluation (EAL2) Security Target SQL Server 2012 Team Author: Version: 1.2 Roger French (Microsoft Corporation) Date: 2012-08-07 Abstract This
C033 Certification Report Mobile Billing System File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please email: email@example.com
Reference Guide for Security in Networks This reference guide is provided to aid in understanding security concepts and their application in various network architectures. It should not be used as a template
Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 German Federal Office for Information Security PO Box 20 03 63 D-53133 Bonn Tel.:
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report Gradkell Systems, Inc. DBsign for Client/Server Applications Version 3.0 Report Number: CCEVS-VR-05-0127
Common Criteria Protection Profile for an ArchiSafe Compliant Middleware for Enabling the Long-Term Preservation of Electronic Documents (ACM_PP) Version Date Author Remarks 1.0.0 31/10/08 Dr. Wolf Zimmer
Introduction to the Common Criteria for IT Security (ISO 15408) Gene Troy US National Institute of Standards and Technology (NIST) Fuji Xerox Co. & Keio University March 1999 Introduction Overview What
SQL Server 2008 Team Author: Roger French Version: 1.04 Date: 2011-09-26 Abstract This document is the (ST) for the Common Criteria certification of the database engine of Microsoft SQL Server 2008 R2.
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report IBM UK Ltd IBM WebSphere Business Integration Message Broker Version 5.0, Fix Pack 4 Report
JMCS Northern Light Video Conferencing System Security Target Common Criteria: EAL2 Version 1.2 22 FEB 12 Document management Document identification Document ID Document title Product version NLVC_ST_EAL2
Certification Report EAL 2 Evaluation of with Gateway and Key Management v2.9 running on Fedora Core 6 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria
Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer
Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model September 2012 Version 3.1 Revision 4 CCMB-2012-09-001 Foreword This version of the Common Criteria
Common Criteria Evaluations for the Biometrics Industry Kathy Malnick Senior Manager Criterian Independent Labs An initiative of the WVHTC Foundation Presentation outline Common Criteria defined Common
Protection Profile for USB Flash Drives Mitigating the Risk of a Manipulated, Misplaced, or Stolen USB Flash Drive Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction
Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Author: Microsoft Corp. Version: 1.0 Last Saved: 2011-03-10 File Name: MS_UAG_ST_1.0.docx
122-B COMMON CRITERIA CERTIFICATION REPORT No. CRP235 Citrix Password Manager, Enterprise Edition Version 4.5 running on Microsoft Windows and Citrix Presentation Server Issue 1.0 June 2007 Crown Copyright
Security Target SQL Server 2008 Team Author: Roger French Version: 1.2 Date: 2009-01-23 Abstract This document is the Security Target (ST) for the Common Criteria certification of the database engine of
Securing and Accelerating Databases In Minutes using GreenSQL Unified Database Security All-in-one database security and acceleration solution Simplified management, maintenance, renewals and threat update