(PRWEB) December 22, 2004
As atsec information security prepare to celebrate their fifth year of operation the laboratory director for atsecÂs U.S. based laboratories, Helmut Kurth, announced their intention to provide additional Common Criteria evaluation services under the U.S. Common Criteria Evaluation and Validation Scheme (CCEVS) administered by the National Information Assurance Partnership (NIAP); a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).
atsec information security is already accredited by GermanyÂs Bundesamt fÃ¼r Sicherheit in der Informationstechnik (BSI) to perform evaluations for Common Criteria under the Arrangement on the Mutual Recognition of Common Criteria Certificates (MRA) in the Field of IT Security. The atsec laboratory has successfully performed numerous evaluations for companies based in the U.S., Sweden and Germany under this arrangement, also known as the Common Criteria Recognition Arrangement (CCRA).
The United States, Germany, Canada, the United Kingdom and France were the original signatories to the arrangement in 1998, and since then have been joined by a significantly larger number of nations in a second version, signed in May 2000. More information about the CCRA can be found at http://niap.nist.gov/cc-scheme/mutual-rec.html and at http://www.commoncriteriaportal.org.
Gordon McIntosh, atsecÂs U.S. Common Criteria laboratory manager, said ÂThe purpose of the CCRA is to ensure that certifications made under different national schemes are recognized as giving equivalent security assurance. International peer schemes recognize evaluations made at Evaluation Assurance Level (EAL)4 and below and may be augmented with Flaw Remediation to give full recognition at up to EAL4+. Unless specific recognition agreements are made then evaluations at EAL5 and above require accreditation under each nations scheme. In an effort to serve our U.S. customers desiring evaluations at higher assurance levels atsec information security is currently in the process of becoming fully accredited under the U.S. CCEVS scheme.Â (http://niap.nist.gov/cc-scheme/candidate_testing_labs.html.)
In a further announcement laboratory manager Fiona Pattinson said ÂIt is our intention that our cryptology laboratory will be accredited under the National Voluntary Laboratory Accreditation Program (NVLAP) to provide cryptographic module conformance testing under the Cryptographic Module Validation Program (CMVP). This service will complement atsecÂs Common Criteria services. Â
The Cryptographic Module Validation Program is run by the U.S. National Institute of Standards and Technology (NIST) and Canadian Security Establishment (CSE). The program is responsible for assuring validation of cryptographic modules for conformance to NISTÂs Federal Information Processing Standard (FIPS) 140-2 and provides the basis for assuring that cryptographic modules that will be used by Federal agencies utilize FIPS approved or NIST-recommended algorithms. Since 1996 Federal agencies have been mandated to ensure that such modules used in cryptographic-based security systems to protect sensitive information in computer and telecommunication systems are validated under the scheme.
The FIPS publication giving security requirements for cryptographic modules is recognized as a benchmark standard in the international arena and is serving as a model for the development of a formal international standard currently being developed by the well known International Organization for Standardization (ISO).
About atsec information security
atsec information security is the leading provider of high-quality information security services. These include laboratory services including product evaluation, as well as general consulting in a wide range of information security areas including Information Security Management Systems (ISMS) , risk management, PKI consulting, privacy assessment, and security auditing. More information about atsec information security can be found at http://www.atsec.com.
atsec information security was founded in 2000, and is present in the U.S. and Europe including Austin, Munich, Cologne, and Stockholm.