Security Product Validation Support
Today, IT security, and the need for cutting-edge security products to protect sensitive or valuable data, is vital. Now, more than ever, government agencies, as well as financial institutions and healthcare facilities, are turning to internationally recognized and accepted standards such as the Common Criteria for Information Technology Security Evaluation (CC) (aka ISO/IEC 15408:1999) and NIST's Federal Information Processing Standard (FIPS) Publication 140-2 for information technology products to ensure compliance and as a metric for developmental security and federal government security requirements.
To remain competitive in the security marketplace, developers and vendors need to demonstrate that their IT security product meets the developmental security and assurance/functional requirements of one or more of these standards.
These validation processes can strain vendor resources, particularly since ensuring compliance with the standards while simultaneously developing the required documentation evidence packages takes developers away from their primary focus. In an age of shortening development lifecycles and delivery deadlines, not to mention rapidly changing technology and customer requirements, development resources can quickly become overwhelmed.
The Product Validation Support (PVS) group at AEPOS can shorten the learning curve, remove the guesswork and streamline the validation process by working with your team throughout the course of product development.
In the early stages, we can provide assistance to your design team through front-end technical guidance on the required security mechanisms and processes. As your project advances, AEPOS can begin to develop the required documentation, ensure its timely delivery to the appropriate testing facility, and remain available to respond to questions from the testing lab and/or validation authorities.
AEPOS Technologies maintains a unique position within the Common Criteria and FIPS 140-2 evaluation and certification programs in that it operates as a neutral entity, independent from the accredited testing laboratories and security product vendors. As such, AEPOS is not subject to the same limitations in that it can, for instance, provide technical design assistance and guidance to product vendors, in addition to development of the required documentation. While the accredited testing laboratories can provide these services, under most circumstances they cannot then perform the evaluation and/or testing of the product.
AEPOS' Security Product Validation Support service offerings include:
- Common Criteria Documentation Evidence Package Development (EAL 1 to 7), including Security Targets (STs) and Protection Profiles (PPs);
- CC and FIPS 140-2 Gap Analysis and Requirements Determination;
- FIPS 140-2 Documentation Evidence Package Development;
- CMT Lab Liaison Support;
- CMVP professional technical and management services to CSE and NIST;
- Professional CMVP and CC documentation production support;
- CC and CMVP program feasibility support;
- Independent lab selection services;
- Architecture and design assistance for compliance with CC and FIPS standards;
- Guidance on selecting Protection Profiles that best meet client requirements;
- Technical assistance with Privacy, HIPAA, BITS and DITSCAP issues; and
- Technical augmentation support to both CC and CMT labs.