Abstract:
CyberGuard Corporation has been a major player in the security
certification arena for a number of years. As such, the challenges
that have presented themselves are numerous. Through the experience
of various certifications under different schemes (TCSEC, ITSEC, CC,
ICSA and FIPS) and the requirement to meet these criteria in order to
be competitive in the marketplace, CyberGuard has enhanced its
internal practices to create, test and release products that are
certification compliant and meet the common elements of these various
criteria.

The common trend that has evolved through experience with the various
security criteria is that they have a large number of components in
common. Given the common requirements, internal processes and
development practices that adapt to these common elements allow
CyberGuard to achieve a variety of these certifications in the
shortest possible time across multiple platforms with the same
approach, the most significant of which are the Common Criteria
certifications.

This presentation concentrates on the lessons learned and advantages
gained through implementations that allow CyberGuard to respond to a
great number of certification requirements across multiple platforms
with a relatively small but dedicated development team. CC areas to
improve upon will also be discussed during the course of this
presentation.