Challenges in security certification

Abstract:

CyberGuard Corporation has been a major player in the security certification arena for a number of years, and the challenges that have presented themselves along the way are numerous. Through its experience with certifications under different schemes (TCSEC, ITSEC, CC, ICSA and FIPS), and the requirement to meet these criteria in order to be competitive in the marketplace, CyberGuard has enhanced its internal practices to create, test and release products that are certification compliant and meet the common elements of these various criteria.

The common trend that has emerged from experience with the various security criteria is that they have a large number of components in common. Given these common requirements, internal processes and development practices that adapt to the common elements allow CyberGuard to achieve a variety of these certifications in the shortest possible time, across multiple platforms, with the same approach, the most significant of which are the Common Criteria certifications.

This presentation concentrates on the lessons learned and the advantages gained through implementations that allow CyberGuard to respond to a great number of certification requirements across multiple platforms with a relatively small but dedicated development team. CC areas to improve upon will also be discussed during the presentation.