Common Criteria Evaluation and Validation Scheme
- Common Criteria Evaluation and Validation Scheme
-
Common Criteria Evaluation and Validation Scheme (CCEVS) is a United States Government program administered by the National Information Assurance Partnership (NIAP) to evaluate information technology (IT) product conformance to the Common Criteria international standard.
CCEVS Logo
Objectives
The CCEVS program is a partnership between the U.S. Government and industry to assist themselves and the consumers:
- Select commercial off-the-shelf IT products which meet their respective security requirements
- Help manufacturers of IT products gain acceptance in the global marketplace
- Provide cost-effective evaluation of IT products
- Encourage the formation of commercial security and Common Criteria Testing Laboratory
- Develop of a private sector security testing industry
- Ensure that security evaluations of IT products are performed to consistent standards
- Improve the availability of evaluated IT products
Validation Body
The Validation Body has the ultimate responsibility for the operation of the CCEVS in accordance with NIAP policies and procedures. Where appropriate it will interpret and amend those policies and procedures. The NIST and NSA are responsible for providing sufficient resources to the NIAP so that the Validation Body may carry out its responsibilities.
The Validation Body is led by a Director and Deputy Director selected by NIST and NSA management and other personnel include validators and technical experts in various technology areas.
The Validation Body ensures that appropriate mechanisms are in place to protect the interests of all parties within the CCEVS participating in the process of IT security evaluation.
Disputes brought forth by any participating party, i.e. the sponsor of an evaluation, product or Protection Profile developer or CCTL concerning the operation of the CCEVS or any of its associated activities shall be referred to the Validation Body for resolution. .
Categories:
- National Security Agency operations
Wikimedia Foundation.
2010.
Look at other dictionaries:
Common Criteria Testing Laboratory — A Common Criteria Testing Laboratory (CCTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct IT security evaluations for conformance to the Common Criteria international standard. In the United… … Wikipedia
Common Criteria — The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1.[1] Common Criteria is a… … Wikipedia
CCEVS — Common Criteria Evaluation and Validation Scheme (CCEVS) is a United States Government program administered by the National Information Assurance Partnership (NIAP) to evaluate information technology (IT) product conformance to the Common… … Wikipedia
Multilevel security — or Multiple Levels of Security (abbreviated as MLS) is the application of a computer system to process information with different sensitivities (i.e., at different security levels), permit simultaneous access by users with different security… … Wikipedia
National Information Assurance Partnership (NIAP) — The National Information Assurance Partnership (NIAP) is a United States government initiative to meet the security testing needs of both information technology consumers and producers which is operated by the National Security Agency (NSA) and… … Wikipedia
National Information Assurance Partnership — The National Information Assurance Partnership (NIAP) is a United States government initiative to meet the security testing needs of both information technology consumers and producers that is operated by the National Security Agency (NSA), and… … Wikipedia
Mandatory access control — In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.… … Wikipedia
List of ISO standards — This is a list of ISO standards that are discussed in Wikipedia articles. For a list of all the more than 16,000 ISO standards (as of 2007), see the [http://www.iso.org/iso/en/CatalogueListPage.CatalogueList ISO Catalogue] .About 300 of the… … Wikipedia
XTS-400 — Infobox OS name = XTS 400 website = [http://www.baesystems.com/ProductsServices/bae prod csit xts400.html www.baesystems.com] developer = BAE Systems source model = Closed source latest release version = 6.5 latest release date = August 2008… … Wikipedia
Security-evaluated operating system — A security evaluated operating system is an operating system that has achieved a certification from an external security auditing organization, such as a B2 or A1 CSC STD 001 83 Department of Defense Trusted Computer System Evaluation Criteria or … Wikipedia