Common Criteria Certification: What Is It, and What Does It Mean for Tripwire Enterprise?

Common Criteria Certification: What Is It, and What Does It Mean for Tripwire Enterprise?
The Canadian Centre for Cyber Security performs evaluations on common IT products and releases a report called “Common Criteria Certification.” This process allows for organizations to review an evaluation without needing to set up and configure an IT product that they would like to test. Tripwire Enterprise v8.8.2.2 was recently evaluated and passed the certification.How the Certification Process WorksThe Canadian Common Criteria Scheme provides a third-party commercial Common Criteria Evaluation Facility (CCEF) for determining the trustworthiness of Information Technology (IT) security products. These evaluations take place under the oversight of the Certification Body, which is managed by the Canadian Centre for Cyber Security.A CCEF is a commercial facility that has been approved by the Certification Body to perform Common Criteria evaluations. A significant requirement for such approval is accreditation to the requirements of ISO/IEC 17025, the General Requirements for the Competence of Testing and Calibration Laboratories.A Breakdown of the Certification StagesAs explained in a report published by the Government of Canada, the first stage is to identify and describe the Target of Evaluation (TOE) and the architecture around this. Next, the report summarizes data found from a security policy that is checked against evaluated products. This allows for the results of an Intrusion Detection System (IDS), Security Audit and User Data Protection and others to be checked against the TOE.    One or more individuals are subseque ..

Support the originator by clicking the read the rest link below.