Saffire Systems Logo
Home
Home
Evaluation Support Services
About Saffire
Employment
Contact Saffire
 
 

CC Evaluation Services:

The Common Criteria (CC) provides a basis for evaluating information technology security systems and products. CC evaluations are mutually recognized by multiple countries, including the United States, Canada, the United Kingdom, France, etc. (refer to www.commoncriteria.org for a complete list). Security products and systems are evaluated by accredited CC evaluation laboratories. In cooperation with the vendor, CC labs evaluate security products against a set of functional and assurance requirements.

The Committee on National Security Systems Policy (CNSSP #11) mandates that information assurance (IA) and IA-enabled IT products must be on the NIAP Product Compliant List (PCL) in order for US government agencies to purchase the product.

SAFFIRE SYSTEMS offers evaluation services for software vendors developing secure products. We have developed evaluation documentation for products that have completed common criteria evaluation and can expedite your evaluation by preparing the evaluation evidence documentation and working with the CC evaluation lab.

Prior to the CC, countries had their own evaluation requirements and processes. The US evaluation process was the Trusted Computer System Evaluation Criteria (TCSEC). SAFFIRE SYSTEMS has prior experience assisting software vendors in designing products that meet TCSEC and ITSEC (previous evaluation process of the western European countries) evaluation requirements, including guidance and production required to support an evaluation. We are aware of the major issues involved in secure systems development and we will expedite the production of evaluation evidence. Evaluation Support Services

Among our highly trained staff is a trained Vendor Security Analyst (VSA). Under TCSEC, a VSA was trained by the U.S. Federal government to maintain a certified level of trust in an evaluated system. This employee served as a vendor representative on a evaluation team and defended a product to a technical review board.

The engineers at SAFFIRE SYSTEMS have experience writing and reviewing documentation in the following areas:

  • Protection Profiles
  • Security Target
  • High Level Architecture and Design
  • DocumentationAssurance Documentation
  • Strength of Function
  • Vulnerability Analysis
  • Test Plan and Test Procedures
  • User and Administrator Security Guides

Related Sites:

For more information on CC, refer to:

http://www.commoncriteriaportal.org.

For more information on TCSEC and the US CC process, refer to:

http://www.niap-ccevs.org/cc-scheme/

http://csrc.nist.gov/publications/history/dod85.pdf

For more information on the Canadian CC process, refer to:

http://www.cse-cst.gc.ca/its-sti/services/cc/index-eng.html

Copyright © 2019 by Saffire Systems All rights reserved

.