NIAP CCEVS: LabGrams

Labgram #55, Valgram #76 - Update on NIAP CCEVS Strategy

Tue, 02 Jun 2009 00:00:00 GMT

All,

As most of you have probably seen, the Army just released their new Letter to Industry. Since they cite the NEW NIAP Strategy in their letter, I wanted to provide an update on the status of the new Standard PPs and the updates to the Basic Robustness PPs that we’re trying to get accomplished by 1 Oct 09. Below is a somewhat prioritized list of these PPs:

New Standard Lost Laptop PP – to be published very soon

New Standard USB PP – being developed

Updated Basic Robustness VPN PP – being worked

Updated Basic Robustness Firewall PP – being worked

Updated Basic Robustness Router PP – being worked

Updated Basic Robustness IDS PP – being worked

Updated Basic Robustness OS PP – being worked

Updated Basic Robustness Database PP – being reviewed

Updated Basic Robustness Anti-Virus PP – being reviewed

We do NOT yet have a prioritized list of the NEW PPs that will be written. We will be asking labs and customers for their recommendations in the very near future.

Thanks,

Audrey

Audrey M. Dale, CISSP

Director, NIAP CCEVS

NSA Commercial Solutions Center

amdale@missi.ncsc.mil

Tel 410-854-4458

Labgram #54, Valgram #74, RSA Conference Certificate Presentation Deadlines

Tue, 13 Jan 2009 00:00:00 GMT

Validators and Labs,

The Director CCEVS will be presenting certificates at the RSA

Conference 20-24 April 2009 in San Francisco. The following timeline will be used for determining whether a product/PP can be awarded a certificate for presentation at the award ceremony during the conference.

*Lab must deliver all final updated documentation to validator on/before 13 Feb 2009.

*Validator must deliver Final Package, ST, VR, ETR, etc. to CCEVS on/before 06 March 2009 and,

*Vendor & Lab must complete, sign, and deliver all required forms (F8002, F8003, F8004) to CCEVS on/before 06 March 2009.

In addition, if the vendor plans to issue a product announcement at the conference that needs CCEVS review, then the Vendor must deliver the draft announcement to the CCEVS on/before 20 March 2009.

Please plan accordingly and drop me a line to let me know what evaluations you expect to finish up in time for RSA.

Thank you.

Regards, Randy

Randy Sullivan

NIAP CCEVS Staff

410-854-4458 office

410-854-6615 fax

(U) The information contained herein that is marked (U//FOUO) is for the exclusive use of Government and Contractor personnel with a need-to-know for NIAP CCEVS information. Such information is specifically prohibited from posting on unrestricted bulletin boards or other unlimited access applications.

Labgram #53, VOR Scheduling

Fri, 24 Oct 2008 00:00:00 GMT

CCTLs,

Just wanted to let you know the VOR schedule for FY09 can be found on our website at http://www.niap-ccevs.org/cc-scheme/vor_schedule.cfm.

In recent months, CCTL personnel have been contacting Validators directly to coordinate upcoming VORs prior to the read-ahead submission due date. Due to our limited validation resources, this is causing us problems with prioritizing validation activities. Please remember that all VOR activity, including any new VORs and follow-ups to failed VORs, must be coordinated with CCEVS prior to contacting the Validation team. This will allow CCEVS to continue to schedule and prioritize validation activities as stated in Policy #16, Validator Oversight Review (VOR) Scheduling Priorities. Thanks very much for your cooperation.

Labgram #52, Valgram #73, Update Scheme Publications and Policy Letters

Thu, 11 Sep 2008 00:00:00 GMT

All,

In preparation for the upcoming Voluntary Periodic Assessement (VPA) of CCEVS, all of our Scheme Publications and Policy Letters were reviewed and revised where necessary. The pulications had major revisions and therefore will need to be read in their entirety. The changes made to the policies are outlined below.

Policy 1 – Language in STs, ETRs, VPL & VRs – remained the same

Policy 2 – Reuse of Previous Evaluation Results & Evidence – remained the same

Policy 3 – TOE Security Targets Claiming Conformance to Protection Profiles – updated/re-dated it to remove statement that we would accept evaluations against draft PPs

Policy 4 – Inactive Evaluations – was updated/re-dated – made some wording changes to a & b

Policy 6 – Location of CCTL Evaluation Testing Activities - rescinded since we added that info to the appropriate Pub 4

Policy 7 – Evaluation Conflict of Interest - rescinded since we added the info from it to Pubs 1 and 4

Policy 8 - Rules for Component Evaluations under CCEVS – was transferred onto letterhead to match format of all other policy letters, no content changes made.

Policy 9 – Crypto in Common Criteria Evaluations – remains the same for now

Policy 10 – Acceptance of Security Targets (STs) Into NIAP CCEVS Evaluation – updated/re-dated with some minor wording changes on VORs –

Addendum to Policy 10 - rescinded

Policy 11 – Candidate CCTL Policy – remained the same

Policy 12 – Letter of Interest for CCEVS Evaluations – updated/re-dated with minor wording corrections

Policy 13 – Acceptable TOE’s for Evaluation and it’s Addendum – remained the same

Policy 15 – Mandatory Inclusion of Audit Generation Functionality in TOEs – updated/re-dated with minor word changes

Policy 16 – Validator Oversight Review (VOR) Scheduling Priorities – remained the same

Policy 17 – Effects of Vulnerabilities in Evaluated Products – remained the same

Policy 18 – Time Limits on CCEVS Evaluations – remained the same

Policy 19 – Requirements for Evaluations with Components above EAL 4 – updated/re-dated para 2 was modified to say CCTLs had to create methodologies where there were none

Thanks.

Dianne Hale

NIAP CCEVS Staff

410-854-4458 office

410-854-6615 fax

Labgram #51, Valgram #72, Policy Letter #19-update 1, Requirements for Evaluations with Components above Evaluation Assurance Level (EAL) 4

Wed, 23 Apr 2008 00:00:00 GMT

All,

Policy Letter 19 has been updated to incorporate "if the NSA evaluation results in product updates, the CCTL must make the necessary evidence updates as required. Please review this policy to be aware of the changes.

Rebecca Galanakis

NIAP CCEVS Staff

Labgram #49, Updated Monthly Schedule Reporting

Fri, 28 Mar 2008 00:00:00 GMT

CCTLs,

The VOR process, along with the Time Limit Policy and Inactive Evaluations, has eliminated the need for detailed schedule information. We do however need the schedules to project current and future Validator resources and to keep our "in evaluation" listing current. Therefore, we have revised the format for the monthly schedules to include only specific milestones.

Effective immediately, each CCTL is required to submit a spreadsheet consisting of the VID, Product Name, projected TVOR date (projected testing date for those evaluations that do not require a Test VOR), projected FVOR date, and projected Completion Date. Each month, the spreadsheet must be updated and any changes highlighted for ease of database entry.

CCEVS will be forwarding a blank template to each CCTL listing all current projects to start with. Please also note that effective 1 April all new evaluations will be required to have Test VORs in accordance with our VOR Guide.

Randy Sullivan

NIAP CCEVS Staff

410-854-4458 office

410-854-6615 fax

Labgram #50, Valgram #71, Validation Oversight Review (VOR) Evaluators and Validators Guide 2.0

Fri, 28 Mar 2008 00:00:00 GMT

All,

Please be advised that the updated VOR Guide has been posted to the CCEVS web site on our Scheme Publications page under CCEVS Guidance Documents (http://www.niap-ccevs.org/cc-scheme/policy/ccevs/guidance_docs.cfm). Effective immediately all VORs must follow the process outlined in this guide. Please also note that all new evaluations must now have Test VORs.

Thanks.

Dianne Hale

NIAP CCEVS Staff

410-854-4458 office

410-854-6615 fax

Labgram #47, Valgram #69, Policy #19, Requirements for Evaluations with Components above EAL4

Thu, 27 Mar 2008 00:00:00 GMT

All,

Please be advised that a new policy has been posted to the CCEVS web site, Policy #19: Requirements for Evaluations with Components above EAL4. This policy replaces both Policy 5, Evaluation TOEs at Evaluated Assurance Levels (EALs) Above 4 and Policy 14, Requirements for Committing NSA Resources to CCEVS Evaluations. Please read and become familiar with the policy, as appropriate.

Thanks.

Dianne Hale

NIAP CCEVS Staff

410-854-4458 office

410-854-6615 fax

Labgram #48, Valgram #70, Policy #4, Inactive Evaluations

Thu, 27 Mar 2008 00:00:00 GMT

All,

Please be advised that Policy 4, Inactive Evaluations has been updated and posted on CCEVS web site. Please read and become familiar with the policy, as appropriate.

Thanks.

Dianne Hale

NIAP CCEVS Staff

410-854-4458 office

410-854-6615 fax

Labgram #46, Valgram #68, Policy #18, Time Limits on CCEVS Evaluations

Mon, 04 Feb 2008 00:00:00 GMT

All,

Please be advised that a new policy has been posted to the CCEVS web site, Policy #18: Time Limits on CCEVS Evaluations. Please read and become familiar with the policy, as appropriate. In addition, please be sure to notify your vendors of this new policy.

Thanks.

Dianne Hale

NIAP CCEVS Staff

410-854-4458 office

410-854-6615 fax

Labgram #46, Valgram #68, Policy #18, Time Limits on CCEVS Evaluations

Mon, 04 Feb 2008 00:00:00 GMT

All,

Thanks.

Dianne Hale

NIAP CCEVS Staff

410-854-4458 office

410-854-6615 fax

Labgram #45, Valgram #67, Policy #17, Effects of Vulnerabilities in Evaluated Products

Wed, 23 Jan 2008 00:00:00 GMT

All,

A new policy has been posted to the CCEVS web site. Please read and become familiar with the policy, as appropriate.

Thanks, Becky Galanakis

Labgram #45, Valgram #67, Policy #17, Effects of Vulnerabilities in Evaluated Products

Wed, 23 Jan 2008 00:00:00 GMT

All,

A new policy has been posted to the CCEVS web site. Please read and become familiar with the policy, as appropriate.

Thanks, Becky Galanakis

Labgram #44, Valgram #66, New Requirement for End of Evaluation Survey (F8004)

Fri, 18 Jan 2008 00:00:00 GMT

All,

Please be advised that vendor's are now required to submit an End of Evaluation Survey for all NIAP evaluations completed from this date forward in order to be posted to the Validated Products List (VPL). This form, (F8004) “NIAP CCEVS End of Evaluation Survey,” can be found on our web site at:

http://www.niap-ccevs.org/cc-scheme/forms/

The survey may be submitted through the CCTL as part of the final package OR faxed directly to CCEVS at 410-854-6615.

We welcome all vendors with prior NIAP evaluations to complete a survey!

Validator Oversight Review (VOR) Scheduling Priorities

Wed, 05 Dec 2007 00:00:00 GMT

All,

A new policy has been posted to the CCEVS web site. Please read and become familiar with the policy, as appropriate.

Thanks, Becky Galanakis

http://www.niap-ccevs.org/cc-scheme/policy/ccevs/policy-ltrs.cfm

Labgram #42, Valgram #64, Letter of Interest Requirement for Acceptance into CCEVS Evaluation

Tue, 02 Oct 2007 00:00:00 GMT

Please read the new policy #12 with subject above outline the requirement for a letter of interest (LOI) to enter the CCEVS evaluation process. The new policy is effective 1 Oct 07. If you have any questions feel free to contact me or anyone in the NIAP CCEVS office on 410-854-4458.

Labgram #41, Valgram #63, Subject: Vendor Attendance at Validator Oversight Reviews (VORs)

Fri, 29 Jun 2007 00:00:00 GMT

CCEVS strongly discourages the attendance of vendors at VORs. VORs are intended to be frank and open technical discussions between CCTL evaluators and CCEVS validators which could be hampered or unduly influenced by vendor attendance. CCEVS shall consider, on a case-by-case basis, exceptions to this policy. Vendor requests for an exception must be submitted in writing with appropriate justification through the corresponding CCTL to CCEVS.

Labgram #40, Valgram #62, Revised Crypto Policy

Fri, 05 Jan 2007 00:00:00 GMT

CCTLs,

Policy 9 was issued in June of 2005 as a temporary measure to clarify the CCEVS documentation needed when a Common Criteria evaluation contains crypto. The attached two documents are aimed at building upon Policy 9 and are to be used by the CCTLs as described below.

“Specifying Requirements in Security Targets” addresses how cryptographic protocols are to be specified in Security Targets. “Evaluation of Cryptographic Protocols and Implementation" provides guidance on how cryptographic protocols are to be evaluated in accordance with CCEVS expectations. By 22 January 2007 each CCTL must select a current evaluation containing cryptography on which to apply these documents. Between 22 January and 31 May 2007, the CCTLs will collect and provide CCEVS with feedback regarding the guidance documents.

During this four month trial-use period, please submit your comments and observations regarding the documents to Dave Dignan (dmdigna@niap-ccevs.org) at CCEVS. Upon completion of the four-month trial-use period, the documents will be updated and the documents will be posted as policy on this CCEVS web site.

CCEVS Validators: Please become familiar with these documents and reference them as needed for your evaluations containing cryptography.

Labgram #40, Valgram #62, Revised Crypto Policy

Fri, 05 Jan 2007 00:00:00 GMT

CCTLs,

CCEVS Validators: Please become familiar with these documents and reference them as needed for your evaluations containing cryptography.

Labgram #39, Valgram #61, Validation Oversight Process: Evaluators and Validators Guide

Thu, 26 Oct 2006 00:00:00 GMT

CCTLs and Validators,

Enclosed is the Validation Oversight Review (VOR) Process Document, written to support the NIAP CCEVS migration to the new evaluation oversight process. Please read the attached document and become familiar with the responsibilities for VOR participants, particularly those pertaining to you.

As CCEVS implements the VOR process, updates may be made to this document, but not until after 1 January 2007. Starting in December 2006, all VORs must follow the process outlined in the enclosed document.

If you have comments regarding the VOR Training Guide please submit them to CCEVS at your earliest opportunity.

Labgram #36, Valgram #58 -- Implementation of New MSR Templates (Updated 1/04/06)

Thu, 20 Oct 2005 00:00:00 GMT

CCTLs,

As we discussed at the CCTL meeting last week, attached is the updated template we are mandating that all CCTLs use when submitting MSRs to CCEVS validators. Since our previous approach of not specifying a format and timetable did not provide constructive metrics, we feel it is imperative that all labs report in the same format & calendar month cycle. We'd like to implement the Part I CCTL MSR as soon as possible, but no later than the December 2005 reporting period. As a reminder CCTL MSRs are due to your lead validator by the 5th calendar day of the month (if it falls on a weekend, it will be due the following Monday). The validators have until the 10th working day of the month to review the CCTL MSR and submit their MSR Part II along with Part I to CCEVS as one document. The validator is responsible for sending a copy of their MSR (Part II) back to the lab. Attached are templates for the Part I (CCTL MSR) and Part II (Validator MSR).

If you have any questions please contact me. Regards, Becky

CCEVS Validators: Please begin using the Part II MSR for the Oct 05 reporting period which is due to CCEVS on 10 November 05. The labs have been given some time to incorporate the new MSR into their procedures, so if you haven't received the Part I MSR from the CCTL please still submit Part II by 10 November 05. MSRs should marry up again in Dec 05.

CCEVS Policy Letter #10, Acceptance of Security Targets into NIAP CCEVS Evaluation - Additional Information

Tue, 04 Oct 2005 00:00:00 GMT

CCTLs,

This labgram provides information about the implementation of CCEVS Policy Letter #10.

CCEVS Policy Letter #10 lists the minimum requirements for ST acceptance into evaluation.

Upon receipt of an EAP, we will assign a senior validator to perform a Policy 10 ST review. The validator will be allowed 3-4 business days to perform the review, at which time the ST will be judged as acceptable to enter evaluation, or as deficient per Policy Letter #10. If there are deficiencies, these will be forwarded to the CCTL for correction and ST resubmission. The ST should be resubmitted to the ceap@niap-ccevs.org, with a subject line indicating that it is a Policy Letter #10 ST resubmission.

This process will iterate until the ST is acceptable per Policy Letter #10. Once the ST is acceptable, a validator will be assigned to review the EAP and schedule the kick-off meeting as we have always done.

Please inform your vendors that this ST review means that we are requiring the full 30 days from the time of EAP receipt until the validator is assigned, and it may take longer depending on the calibre of the ST and the number of iterations until the ST is updated and accepted.

CCEVS Policy Letter #10, Acceptance of Security Targets into NIAP CCEVS Evaluation

Mon, 27 Jun 2005 00:00:00 GMT

A new CCEVS policy letter #10 has been posted to the CCEVS web site for clarifying what CCEVS will accept from Common Criteria Testing Laboratories (CCTLs) and Candidate-CCTLs when submitting an ST in an Evaluation Acceptance Package (EAP) for a new evaluation. Please become familiar with this policy letter.

CCEVS Policy Letter #10, Acceptance of Security Targets into NIAP CCEVS Evaluation

Mon, 27 Jun 2005 00:00:00 GMT

CCEVS Policy Letter #9, Crypto in Common Criteria Evaluations

Wed, 15 Jun 2005 00:00:00 GMT

A new CCEVS policy letter #9 has been posted to the CCEVS web site for clarifying the CCEVS documentation needed when a Common Criteria evaluation contains crypto. Please become familiar with this document and begin using immediately.

Content for MSR Reporting

Fri, 18 Feb 2005 00:00:00 GMT

The CCEVS has agreement with the Common Criteria Testing Laboratories (CCTLs) that, at a minimum, the following content will be provided to the project's lead validator. CCTL management may choose to define a specific format across the board for all of the laboratories projects. In no way shall the validator dictate a specific format for content of MSRs.

CCTL MSR Content:
Identify Validation ID (VID) Number. As multiple projects from many of the same vendors are entering the scheme it is imperative that we all refer to the project by the same VID#. The lab will be given the VID# by CCEVS at the time the validator is assigned.

Identify Status of Evaluation. Select only one category to correspond with what activity you are reporting. The categories are Activity/Normal, No Activity/30 days, No activity/60 days, and Recommend Terminate.

Identify Key Points of Contact. At a minimum, the CCTL must identify the Lead Evaluator, Lead Validator, Validation Team Leader, and Sponsor Representative. If you would like to add others feel free to do so.

Identify (by classes) the CCTL deliverables and/or status of work performed. This may be in the form of a spreadsheet or bulleted text, or any other way of getting the information across. Any "format" is deemed acceptable.

Identify any problems/risks/concerns the CCTL has with the evaluation/validation. The Senior Team Leaders will be responsible for developing a consistent monthly cycle between the CCTL, Validator and CCEVS Records which considers the following:

Date MSR is due from CCTL
Date coordination process between validator & CCTL is complete.
Date final MSRs will be sent to records.

CCEVS Policy #7, Conflicts of Interest

Mon, 22 Nov 2004 00:00:00 GMT

1. The attached CCEVS policy is intended to clarify Section 3.3 of Scheme Publication # 1, Conflicts of Interest.

2. It is effective the date of this correspondence. CCEVS Policy #7 will be posted to the web site in the next content update.

Addendum to CCEVS Policy #4, Inactive Validations

Fri, 12 Mar 2004 00:00:00 GMT

1. The attached addendum is intended to clarify what constitutes evaluation activity for monthly validator reporting to CCEVS.

2. It is effective the date of this correspondence. CCEVS Policy #4 Addendum 1 will be posted to the web site in the next content update.

Maintenance and Re-Evaluation

Fri, 13 Feb 2004 00:00:00 GMT

The CCEVS is pleased to acknowledge the recent international release of the CCRA Requirements on Assurance Continuity (CCIMB-2004-02-009, February 2004). It is available on the CCEVS website. This guidance is to be used by all CCEVS labs to address the topic of maintenance and re-evaluation. It formally supercedes all previous guidance issued by the CCEVS, including Scheme Publication 6.

The approach outlined in these requirements is that the sponsor will provide a report describing the changes made to the certified TOE, together with an analysis of the security impact of those changes. This report will then be reviewed by the scheme to determine whether these changes require any additional analysis by evaluators ("re-evaluation") or whether the changes are such that the analysis performed in producing the impact analysis report was sufficient ("maintenance").

These requirements present only the minimum mutually-recognized requirements on assurance maintenance and re-evaluation. They acknowledge that schemes may augment these requirements. If such additional guidance is found to be necessary in the future, then a new Scheme Publication on Re-evaluation and Maintenance will be issued. However, at this time, the CCEVS has no additional guidance to provide to its validators, evaluators, or TOE developers.

RSA Award Ceremony Deadlines

Wed, 14 Jan 2004 00:00:00 GMT

The Director, CCEVS will be presenting certificates during the RSA Conference 23-27 February 2004 in San Francisco, California http://www.rsaconference.com/conf2004_portal.html. The following timeline will be used for determining whether a product/PP will be awarded a certificate for presentation at the award ceremony during the conference.

Lab must deliver ETR to validator by 16 January 2004
Validator must deliver Validation Report package to CCEVS on/before 26 January 2004, and
Vendor & Lab must complete, sign and deliver “Vendor/CCTL release form” to CCEVS on/before 9 February 2004.

In addition, if the vendor plans to issue a product announcement at the conference that needs CCEVS review, then the Vendor must send the draft announcement to CCEVS on/before 9 February 2004.

Request each CCTL send CCEVS a list of product(s) and vendor(s) that you believe will finish up or have previously completed and would like to receive their certificate at the conference.

New ETR Format

Mon, 22 Dec 2003 00:00:00 GMT

This ValGram provides a revised template for an Evaluation Technical Report, including an Annex with guidance for documenting individual work units. The ETR template and Annex will become mandatory for use in all new evaluations that begin on or after 1 February 2004.

New ETR Format

Mon, 22 Dec 2003 00:00:00 GMT

IASWS Award Ceremony Deadlines

Thu, 23 Oct 2003 00:00:00 GMT

The Director, CCEVS will be presenting certificates at the Information Assurance Solutions Working Symposium (IASWS) on December 8, 2003 in Anaheim, California http://www.iaevents.com/iasws03/newinfo.cfm. The following timeline will be used for determining whether a product/PP will be awarded a certificate for presentation at the award ceremony during the conference.

Lab must deliver ETR to validator on/before 30 October 2003
Validator must deliver Validation Report package to CCEVS on/before 10 November 2003, and
Vendor & Lab must complete, sign and deliver “Vendor/CCTL release form” to CCEVS on/before 24 November 2003.

In addition, if the vendor plans to issue a product announcement at the conference that needs CCEVS review, then the Vendor must deliver the draft announcement to CCEVS on/before 24 November 2003.

Request that the CCTLs send CCEVS a list of product(s)/ vendor(s) that you believe will finish up in time for presentation at the conference.

CCEVS Policy Letter #6

Mon, 20 Oct 2003 00:00:00 GMT

I am forwarding CCEVS Policy #6 -- Location of CCTL Evaluation Testing Activities as ValGram #044 and LabGram #025 respectively. A signed original will be kept in the CCEVS official records and a copy will be posted to the NIAP CCEVS web page by the end of today. If you have any questions pertaining to this policy please contact the CCEVS staff.

New CCTL, Criterian Independent Labs

Wed, 13 Aug 2003 00:00:00 GMT

The Director, CCEVS is pleased to announce the recent NVLAP accreditation and NIAP approval of our eighth Common Criteria Testing Laboratory, Criterian Independent Labs. They are located in Fairmont, West Virginia. Criterian is approved for test methods APE, ASE and EALs 1-4. The Lab Director is Mr. David Esses. Visit our CC Testing Labs page for additional details. Please join us in welcoming Criterian into the CCEVS!

4th ICCC Certificate Deadlines

Mon, 07 Jul 2003 00:00:00 GMT

The Director CCEVS will be presenting certificates at the 4th ICCC Conference 7-9 September 2003 in Stockholm, Sweden. The following timeline will be used for determining whether a product/PP can be awarded a certificate for presentation during the conference.

Lab must deliver ETR to validator on/before 28 July 2003
Validator must deliver Validation Report package to CCEVS on/before 11 August 2003 and,
Vendor & Lab must complete, sign, and deliver "Vendor/CCTL release form" to CCEVS on/before 25 August 2003.

In addition, if the vendor plans to issue a product announcement at the conference that needs CCEVS review, then the Vendor must deliver the draft announcement to the CCEVS on/before 25 August 2003.

Please discuss with the vendor and plan accordingly. I would appreciate if the CCTLs would drop me a line to let me know what evaluations they expect to finish up in time for this conference.

New Web Info & other News

Thu, 03 Jul 2003 00:00:00 GMT

Some time next week you will see a few additions to the NIAP CCEVS Web site. In particular changes to the "In Evaluation" page. We've had several requests to list the date the product entered into evaluation. We think listing a start date may actually do some good to move along those vendors who just want to "sit" on the in eval list. This is a heads up so that you may inform your vendors if you think it is necessary. We will be using the evaluation kick off date as our "start" date. At that same time, we will add the link to your laboratory web site (on the CCTL contact page), so if you haven't given me the url please do so by early next week.

The ICCC4 in Sweden 7-9 September 2003 will be the next venue for presenting CC certificates. If you have an evaluation nearing completion please discuss whether the vendor would be interested in receiving their certificate in Sweden and let me know. I will be sending out the deadlines for submitting ETRs, Validation Reports, etc. in a separate message.

Rescission of NIAP Interpretation I-0389

Fri, 09 May 2003 00:00:00 GMT

The CCIMB has found that NIAP Interpretation 0389 would violate Mutual Recognition. The interpretation calls for allowing a system to "recoveR" to a previously-known state, rather then a *secure* state. The CCIMB believes such an interpretation could lead to the acceptance of products that revert to states which would compromise the intent of security. For example, if, after a user logs out, the system could revert to a state where that user was logged in, thereby permitting anyone else at that workstation to assume the user's identity. Even more drastically, the interpretation could permit a system reverting to a state that is known to be insecure.

The NIB and CCEVS management agree with the CCIMB that this NIAP interpretation could result in undesirable situations not envisaged by the NIB. CCEVS management therefore rescinds Interpretation I-0389.

Rescission of NIAP Interpretation I-0424

Fri, 09 May 2003 00:00:00 GMT

The CCIMB has found that NIAP Interpretation I-0424 would violate Mutual Recognition. I-0424 suggested that FPT_SEP should be restructured to make the nature of hierarchy clearer, and to create a new component that is hierarchical to everything else. The CCIMB believes this is unnecessary, noting that the fact that FDP_SEP.2 can be completed in such a way that makes it equivalent to FDP_SEP.3 does not violate the hierarchical relationship. They also disagreed with the perceived need for a new component that is hierarchical to the current ones. The CCIMB felt that specification of a requirement for isolated reference monitors could be achieved within the existing criteria framework.

The NIB and CCEVS management agree with the CCIMB that this NIAP interpretation is not useful and would only lead to divergence from other schemes. CCEVS management therefore rescinds Interpretation I-0424.

Status of Interpretations

Fri, 09 May 2003 00:00:00 GMT

In an effort to reduce the perceived divergence between evaluations conducted within CCEVS and those conducted by other schemes, and to address other questions raised, the CCEVS is clarifying its policy concerning NIAP Interpretations.

NIAP Interpretations will continue to be issued by the NIAP Interpretations Board and approved by CCEVS management. The purpose of these interpretations will be to offer clarifications to the CC/CEM in the form of proposed changes to the CC/CEM. NIAP Interpretations will continue to be available for public review.

Upon CCEVS management approval, evaluations are to consider the proposed changes contained within the interpretations as the recommended way to understand the requirements. They will have the same status within evaluations as do Precedents, in that they will provide an informed opinion describing what the requirements mean and an acceptable use. Because all changes to the words are treated as refinements for which rationales must be provided, the rationale for the word changes resulting from the use of a CCEVS interpretation will simply cite the interpretation.

CCEVS will forward each management-approved interpretation to the CCIMB for consideration as it strives to produce regular updates to the Criteria and Methodology. Non-concurrence from the CCIMB will signal the need for rescission of the interpretation by CCEVS management. NIAP Interpretations I-0389 and I-0424 have been rescinded for this reason. Any future rescission of NIAP interpretations will be announced, in the same manner as when interpretations are approved by CCEVS management, on the CCEVS mailing lists and website.

The naming/notation system that has been used in the past will be optional when CCEVS interpretation words are used within an evaluation. For cases when the notation convention is not used, there should be clear note at the point of the use of the interpretation indicating the interpretation applied to a particular component. This can be a footnote, a tailoring or operation note, or some other informative note.

Methodology for Components above EAL4

Fri, 14 Feb 2003 00:00:00 GMT

CCEVS was recently questioned on what methodology should be used for assurance components above EAL4. In response, the following interim guidance was provided on the ADV_IMP.2, ADV_RCR.2, and AVA_CCA.1 components.This is how these components are to used until more structured methodology is available.

For evaluations including these components, validators are asked to pay particular attention in these areas, and keep CCEVS apprised if anything even remotely questionable comes up, so that we can clarify the interim guidance if necessary.

As other EAL4+ components are included in evaluations, causing other such interim guidance to be generated, these will be collected together and made available in an effort to maintain consistency.

--------
ADV_IMP.2
ADV_IMP.2 applies to the entire TSF, rather than only the subset of the TSF required by ADV_IMP.1. Therefore, an evaluation including ADV_IMP.2 should use the methodology for ADV_IMP.1, but applied to the entire TSF.

The evaluator confirms the information provided meets the requirements of the additional content and presentation element (ADV_IMP.2.3C: "The implementation representation shall describe the relationships between all portions of the implementation") by checking the code to be sure that interactions among the portions of the code are identified. The "portions of code" in question are those portions that implement the modules that are identified in the low-level design.

The importance of having all of the implementation representation -- rather than only the subset -- becomes apparent not in the evaluation work associated with ADV_IMP itself, but in other components. For example, the correspondence between the description of interactions among the modules in the low-level design and the interactions of the portions of the code that implement these modules will be performed as part of ADV_RCR; this ADV_IMP action makes sure the necessary input for that activity is available. Similarly, with the entire implementation representation available, the vulnerability analysis is much more straightforward and lucrative because the evaluator can trace through the code without running into dead ends that would otherwise result from portions of code being unavailable.

ADV_RCR.2
At EAL5, only the Functional Specification and High-Level Design are provided in a semiformal format. ADV_RCR.2 imposes a correspondence determination between these semiformal representations. For all remaining representations that are informal, there must likewise be a correspondence determination. The correspondence determination (at both the semiformal and informal levels) is done in accordance with the methodology for ADV_RCR.1.

AVA_CCA.1
There is no CCA methodology available in the CEM. Until methodology is available, the evaluator confirms the information provided meets the requirements of the content and presentation elements (AVA_CCA.1.1E) using the guidance provided in the Rainbow Document "A Guide to Understanding Covert Channel Analysis of Trusted Systems", November 1993, NCSC_TG-030.

The evaluator confirms that the covert channel analysis shows that the TOE meets its functional requirements (AVA_CCA.1.2E) only for TOEs claiming FDP_IFF.1/FDP_IFC.1 - these are the only functional requirements for which covert channels are meaningful. The policy quoted in these functional components is examined and the evaluator notes any covert channels that violate this policy, including the bandwidth of all such channels. When conducting the covert channel analysis, the evaluator needs to make sure that *all* resources (not just those defined in the applicable FDP_IFC/IFF components) are considered as part of the analysis; if they determine that a resource can be used in a covert channel, yet its use doesn't circumvent the policy set forth by the rules in FDP_IFC/IFF, that covert channel can be ignored.

All channels identified during the covert channel analysis are then included in the testing (AVA_CCA.1.3E).

RSA Certificate Deadlines

Mon, 03 Feb 2003 00:00:00 GMT

The Director CCEVS will be presenting certificates at the RSA Conference 13-17 April in San Francisco. The following timeline will be used for determining whether a product/PP can be awarded a certificate for presentation at the award ceremony during the conference.

Lab must deliver ETR to validator on/before 28 Feb 2003
Validator must deliver Validation Report package to CCEVS on/before 14 March 2003 and,
Vendor & Lab must complete, sign, and deliver "Vendor/CCTL release form" to CCEVS on/before 1 April 2003.

In addition, if the vendor plans to issue a product announcement at the conference that needs CCEVS review, then the Vendor must deliver the draft announcement to the CCEVS on/before 1 April 2003.

AMA

Fri, 20 Dec 2002 00:00:00 GMT

Attached is the Draft AMA document that I intend to post as Draft CCEVS Publication #6 prior to 1 January. It includes all of the comments that we have received to date and I am authorizing vendors and labs to utilizing the draft AMA guidance until an agreement is reached by the International CC RA members. This should suffice in providing vendors a way to meet the recent DoDD 8500 policy that states that vendors must keep their products current by being a part of the NIAP AMA process or by re-evaluating each release of their product.

If changes are required to the draft AMA, based on implementation issues, CCEVS asks that CCTL's and Validators note the issue and pass it to CCEVS management for resolution.

Welcome to InfoGard, 7th CCTL

Tue, 29 Oct 2002 00:00:00 GMT

The Director, CCEVS is proud to announce the recent NVLAP accreditation and NIAP approval of our seventh Common Criteria Testing Laboratory, InfoGard Laboratories, Inc. InfoGard is located on the West Coast in San Luis Obispo, California. The Lab point of contact is Mr. Ken Kolstad. InfoGard is approved for test methods APE, ASE, & EALs 1-4. The CCTL webpage update will be available in the next day or so. Please join us in welcoming Ken & InfoGard Laboratories as our newest CCTL!

Revision to Forms F8001 & F8002

Tue, 29 Oct 2002 00:00:00 GMT

Forms F8001, Sponsor Approval to List Product in Evaluation and F8002, Sponsor/CCTL Approval to Release Validation Information have been updated and posted to the website. Effective the date of this lab/ValGram please use the updated forms on the CCEVS website. The previous versions of these forms have been superseded. Please discard any printed stock you may have and replace with the new versions.

TOP Proposal, CCEVS Document #CCEVS-00007-02, V1.0 (18 Oct 02)

Mon, 21 Oct 2002 00:00:00 GMT

Attached is the finalized TOP proposal that CCEVS will be piloting on select evaluations. The TOP was created to address your concerns of validator inconsistencies and should, over time, allow you to more accurately price the validation oversight work into your contracts with vendors. This is only the first step that CCEVS is taking to provide you more guidance regarding evaluations.

CCEVS is willing to host a meeting with all of the lab managers to go over the TOP proposal and allow you the opportunity to ask questions if collectively you feel this would be beneficial. Regardless, I will be contacting each of you individually to discuss/negotiate on the selection of the evaluations for which this validation oversight model will be used. We are targeting those evaluations at the EAL 3 and/or 4 levels. I would like to reach agreement with each of you on the selected evaluations by 1 November if it is possible.

CCEVS Policy Letter #5, Evaluation TOEs at EALs above 4

Fri, 13 Sep 2002 00:00:00 GMT

I had indicated in some previous email that we were working on a CCEVS policy to address evaluations that are coming in at above an EAL 4 or have parts of the eval at the higher levels. I do not believe that any of this will be new news to you, but we decided to formalize it.

Use of 3-way NDAs

Mon, 26 Aug 2002 00:00:00 GMT

As many of you know the 3-way NDA has raised problems with some vendors and labs alike. As a result of discussions with the lawyer we have decided to move to a 2-way NDA between the lab and CCEVS and do away with the current 3-way model. The new NDA is being written so it will not happen immediately. This note is serve as a heads up that we will not be pressing you to submit the 3-way NDA (for the time being). However, if you have a vendor that is particularly concerned about not having an NDA in place we will still accept the 3-way.

Additionally, all CCEVS employees are bound by law to protect proprietary information (marked as such) provided to CCEVS staff by the vendor and/or lab under individual signed NDAs.

FIAC Certificate Deadlines

Tue, 20 Aug 2002 00:00:00 GMT

In preparation for the upcoming Federal Information Assurance Conference (FIAC) in College Park, MD 29-31 October 2002, the following timeline will be used for determining whether a product/PP will be awarded a certificate at the award ceremony during the conference.

CCTL must prepare and deliver ETR to validator on/before 9 Sep 02.
Validator must prepare and deliver Validation Report, VPL entry, and validator recommendation to CCEVS on/before 30 Sep 02, and
Vendor and CCTL must complete, sign, and deliver "vendor/CCTL release" form to CCEVS on/before 14 Oct 02.

In addition, if the vendor plans to issue a product announcement/press release of their validated product at the FIAC that needs CCEVS review, then the vendor must deliver the draft announcement to the CCEVS on/before 14 Oct 02.

Please share this information with the vendors and plan accordingly. Labs- please send a consolidated list of the projects you think will meet the schedule. For recordkeeping purposes this notice will be sent to both the labs and validators under separate numbers. The point of contact for this message is Becky Galanakis.

Followup from CCEVS Meeting Meeting with Labs

Wed, 26 Jun 2002 00:00:00 GMT

This information is provided as a followup to our lab meeting yesterday and is not intended as a complete meeting summary.

The CCEVS mail distribution lists archives can be found at http://www.itl.nist.gov/div896/emaildir/index.html. They are in alphabetical order - scroll down to the c's. If you have any additional changes to the ccevs-labs mail list (not noted yesterday) please send them to ccevs-staff and the changes will be made as quickly as possible. Also, take a few minutes periodically to review the information we have listed for you on http://www.niap-ccevs.org/cc-scheme/testing_labs.cfm and notifiy the staff of any changes. We refer callers to the website so make sure the info is correct!

A reminder that the 3-way NDA, Form 8003 is located on the CCEVS website, under Docs & Guidance. You should initiate the review of that form during your contract negotiations, pre-eval work. It's acceptable to have it signed during the kick-off but we have found that the folks attending the kick-off are not comfortable signing with no prior review/warning. Please give the vendor a heads-up as early as possible and if you know the company wants to make a change to the wording please let the staff know as soon as possible. You should certainly keep the validator informed but I will be your POC for follow-up with NDAs.

You have an action to get back to the staff by COB 5 July to let us know what your requirements are for getting our visitors from the UK/Australia/France/Germany into your facility.

Followup from CCEVS Meeting Meeting with Labs

Wed, 26 Jun 2002 00:00:00 GMT

This information is provided as a followup to our lab meeting yesterday and is not intended as a complete meeting summary.

You have an action to get back to the staff by COB 5 July to let us know what your requirements are for getting our visitors from the UK/Australia/France/Germany into your facility.

Observation Reports

Sun, 09 Jun 2002 00:00:00 GMT

This LabGram is being sent as a clarification and supplement to Scheme Pub #3, for the section entitled "Observation Reports".

Observation Reports (ORs) are submitted by CCTLs to document a question they have on a specific evaluation to receive a quick turn around resolution from the Validation Body. The Validator may also use the OR mechanism for documenting a question about a specific evaluation for which they need formal resolution from the Validation Body even if the CCTL does not agree with the need to submit an OR. Validators may submit ORs to document: 1. a disagreement between a validation team and an evaluation team; or 2. a noteworthy decision by a validation team in which a formal documented resolution from the Validation Body is desired.

ORs can be initiated by the evaluation team or by the validation team. Regardless of who initiates an OR, both parties must:

agree upon the Statement of the Issue as written in the OR;
be given the opportunity to provide a resolution to the issue in the OR;
be given the opportunity to review the other party's proposed resolution; and
be given the opportunity to provide factors that should be considered by the Validation Body when making the resolution.

Additionally, the evaluation team must review the OR for proper marking of proprietary information.

CCEVS Policy Letter #4, Inactive Validations

Fri, 07 Jun 2002 00:00:00 GMT

Please read the attached CCEVS Policy #4 -- Inactive Validation Projects issued by the Director, CCEVS. The policy is effective today, 7 June 2002.

Use of Evaluation Acceptance Agreements at Kick-off Meetings

Tue, 09 Apr 2002 00:00:00 GMT

This is a reminder that both Scheme Publication #3, Guidelines to Validators of IT Security Evaluations, and Scheme Publication #4, Guidelines to Common Criteria Testing Laboratories specify the completion of an Evaluation Acceptance and Non-Disclosure Agreement (F8003) following the Evaluation Kick-off Meeting. Until now, the CCEVS Validation Body has not enforced the requirement for completing this agreement. For all new projects from this date forward an Evaluation Acceptance and Non-Disclosure Agreement is required to be completed. A copy of the agreement can be obtained through the "Forms and Templates" page.

The Validators are responsible for seeing that an Evaluation Acceptance and Non-Disclosure agreement is prepared for each project. The CCTLs are asked to coordinate with the sponsor and the Validator in preparing the agreement, and obtaining the necessary signatures. A copy of the signed agreement will be sent to the sponsor and the CCTL.

Use of Evaluation Acceptance Agreements at Kick-off Meetings

Tue, 09 Apr 2002 00:00:00 GMT

Use of Evaluation Acceptance Agreements at Kick-off Meetings

Tue, 09 Apr 2002 00:00:00 GMT

CCEVS Policy Letter #2, Reuse of previous Evaluation Results and Evidence

Thu, 07 Mar 2002 00:00:00 GMT

Attached is the second in the series of Policy Letters that will be forthcoming from CCEVS. This policy deals with the reuse of previous evaluation results and evidence.

CCEVS Policy Letter #3, TOE STs Claiming Conformance to PPs (Draft or Validated)

Thu, 07 Mar 2002 00:00:00 GMT

Attached is the third in the series of Policy Letters that will be forthcoming from CCEVS. This policy deals with the TOE security targets claiming conformance to protection profiles (draft and validated).

Scheme Pub #3 and other Docs on Website

Thu, 21 Feb 2002 00:00:00 GMT

Additional documents have been added to the Scheme Publications page for your information and use. Scheme Publication #3, Guidance to Validators of IT Security Evaluations is now available. Also, additional CCEVS forms and templates frequently used during the evaluation/validation process have now been posted on the web site for convenient access.

Scheme Pub #3 and other Docs on Website

Thu, 21 Feb 2002 00:00:00 GMT

ICCC Certificate Deadlines

Tue, 19 Feb 2002 00:00:00 GMT

In preparation for the upcoming International Common Criteria Conference (ICCC) in Ottawa, Canada in May 2002, the following timeline will be used for determining whether a product/PP can be awarded a certificate at the award ceremony during the conference.

Lab must prepare and deliver ETR to validator on/before 1 April 02,
Validator must prepare and deliver Validation Report, VPL entry, and validator recommendation to CCEVS on/before 15 April 02, and
Vendor & Lab must complete, sign, and deliver "Vendor/CCTL release" form to CCEVS on/before 1 May 02.

In addition, if the vendor plans to issue a product announcement of their validated product at the ICCC that needs CCEVS review, then the Vendor must deliver the draft announcement to the CCEVS on/before 1 May 02.

Please share this information with the vendors and plan accordingly. For recordkeeping purposes this notice is being sent to the validators under a separate ValGram. The point of contact for this LabGram is Becky Galanakis.

CCEVS Policy Letter #1 Subj: Appropriateness of Language in ST, ETR, VPL & VRs

Thu, 10 Jan 2002 00:00:00 GMT

Attached is the first of several Policy Letters that will be forthcoming from CCEVS. This policy deals with the appropriateness of language in security targets, evaluation technical reports, VPL entries, and validation reports.