Assurance Continuity: What and How?
Nithya Rachamadugu
September 25, 2007

Topics
• Introduction
• History
• Process
• Maintenance Path
• Re-evaluation Path
• Impact Analysis Report
• Input to Impact Analysis Report
• Output from Impact Analysis Report
© Copyright 2005 CygnaCom Solutions

Topics (contd.)
• Guidance to Developers
• Developer Issues
• Scheme Questions/Issues
• Assurance Maintenance Statistics
• References
• Contact Information

Introduction
“The purpose of Assurance Continuity is to enable developers to provide assured products to the IT consumer community in a timely and efficient manner.” [From Assurance Continuity: CCRA Requirements v1.0 February 2004]
Why?
• Keep certificate current
• Certificate to match the latest TOE, process and environment
• Certificate to address changes in company information
• Re-use evidence and results from previous evaluation

Introduction (contd.)
• Recognized by the CCRA members
• Valid for EAL1-EAL4 evaluations

History
• CC version 2.1, August 1999 - AMA class
• Separate class
• Dependencies on class (ALC, ACM, AMA)
• Difficult to follow and understand
• CC version 2.2, January 2004 – AMA class dropped
• February 2004 – Assurance Continuity v1.0, with CC V2.3

Assurance Continuity Process
• Developer assesses the changes to the evaluated TOE
• Developer updates the affected documents
• Developer writes Impact Analysis Report listing the updated documents, description of changes and a verdict
• Developer ensures that changes have no adverse effect on the security assurance of the changed TOE
• Scheme confirms Maintenance/Re-evaluation path
• Scheme updates the validated product list entry
• If applicable, scheme issues new certificate
The Impact Analysis Report is a scheme-defined document listing the changes to the TOE and the testing conducted by the developer.

Assurance Process
[From Assurance Continuity: CCRA Requirements v1.0 February 2004]

Assurance Continuity
Types of Assurance Continuity
• Assurance Maintenance
“Maintenance refers to the process of recognising that a set of one or more changes made to a certified TOE have not adversely affected assurance in that TOE.”
• Assurance Re-evaluation
“Re-evaluation refers to the process of recognising that changes made to a certified TOE require independent evaluator activities to be performed in order to establish a new assurance baseline. Re-evaluation seeks to reuse results from a previous evaluation.”

Assurance Maintenance
• Minor changes to TOE
• Assurance affirmed by developer
• No new certificate
Examples
- Minor updates to the product not related to security
- Minor bug fixes
- Process oriented changes
- Company information changes

Assurance Re-evaluation
• Changes to TOE that are not minor
• Assurance Re-evaluated by an independent Lab
• New certificate
• Impact Analysis Report not required (but helps)
Examples
- Security related updates to the evaluated TOE
- Bug fixes
- Many small changes
- New interfaces/ADV changes
- Years since last certification
- Upgrading EAL level

Impact Analysis Report
• Records the analysis of the impact of changes to the certified TOE
• Generated by the developer requesting a maintenance addendum
• Submitted to the Scheme
• Impact Analysis Report format
  - Introduction
  - Description of changes
  - Developer evidence changed (identify)
  - Description of evidence changed
  - Conclusion with verdict
  - Annex: Updated evidence

Input to Assurance Continuity
• Impact Analysis Report (optional but recommended)
• Updated ST
• Updated evidence documents
• Updated ETR (Re-evaluation)
• From previous evaluation:
  - Certificate
  - Certification report
  - ETR
  - ST

Output from Assurance Continuity
• Scheme report
  - Maintenance Report
  - Certification Report (Re-evaluation path)
• Updated certificate (Re-evaluation only)
• Updated Validated Product List
• Updated ST (posted on the web)
• Certified TOE

Guidance to Developers
• Build maintenance process during initial evaluation
• Keep good documentation on changes to the product
• Update all related evidence as TOE changes
• Conduct some testing before submitting Impact Analysis Report
• Not all products need to be re-evaluated, check with the scheme
• Often Labs write the IAR

Developer Issues [US experience based]
• Dilemma on the choice of the continuity path
• Scheme may disagree with developer’s verdict
• Cost/effort before scheme’s decision
• Maintenance/re-evaluation decision is subjective
• Re-evaluation by the same Lab
• Unpredictable cost
• Every case is different
• Assurance Continuity for higher levels not available

Scheme Questions/Issues
• Changes to crypto: Maintenance or Re-evaluation?
• Assurance Continuity from the same scheme
• Certificate update to EAL5 or higher - not under MRA
• Scheme variations on Maintenance/Re-evaluation
• How much is too much? [% change?]
• Assurance Continuity when PP gets outdated
• Assurance Continuity for products evaluated under v2.x (ST format, Assurance requirement changes in v3.x)
• Effect of new scheme Policies on re-evaluations

CCEVS Statistics on Assurance Continuity [US Scheme based]
• 217 evaluated products (Dec. 1998 - Aug. 2007)
• 23 Assurance Continuity: 10 EAL2, 2 EAL3, 11 EAL4
• First evaluation – Dec. 1998
• First Assurance Continuity evaluation completed – July 2003
• 15 products went through Assurance Continuity
• Some products had multiple revisions
• Product types: Firewall, IDS/IPS, Switch, Router, Network Management, Web Server, Sensitive Data Protection

CC References
• Common Criteria for Information Technology Security Evaluation - Part 3 Security Assurance Requirements, August 1999, version 2.1
• Assurance Continuity: CCRA Requirements v1.0 – February 2004

Questions???
Thank you!
Contact:
Nithya Rachamadugu
Director, CygnaCom CCTL
Nithya@cygnacom.com
703-270-3551