Austin, TX (PRWEB) May 7, 2005
atsec information security corporation has obtained accreditation from the National Voluntary Laboratory Accreditation Program (NVLAP) for specific test methods in Information Security Testing: Common Criteria including evaluation of protection profiles, security targets, and for product evaluations to assurance level EAL4.
Gordon McIntosh, the Austin-based company's CCTL Lab Manager, notes: "atsec is the very first CCTL to be accredited under the rigorous new rules that require a candidate lab to demonstrate Common Criteria proficiency by performing an actual Common Criteria product evaluation under the close supervision of the National Information Assurance Partnership's Common Criteria Evaluation and Validation Scheme (NIAP CCEVS)."
The atsec team demonstrated proficiency through a pioneering project which evaluated a software component (GSKit, a component developed and used by IBM to implement secure network transactions as part of software applications) at assurance level EAL4. David Ochel, Lead Evaluator for the GSKit evaluation, notes the significance of this approach: "Component evaluations – as opposed to product evaluations – offer the opportunity to efficiently utilize an alternative Common Criteria paradigm that enables re-use of evaluation results. When composite applications integrate evaluated components, the process of evaluating those applications will be streamlined because the results from the component evaluations can be re-used in the larger context. atsec is proud to have contributed to piloting a foundation for composite evaluations in this way."
Significantly, the scope of accreditation for the atsec CCTL allows atsec to perform Common Criteria product evaluations up to and including the EAL4 level. Helmut Kurth, atsec Lab Director, explains the importance for atsec of achieving this scope of accreditation: "Successful EAL4 evaluation means that the target product was methodically designed, tested, and reviewed. This level is currently the highest level covered by the international Common Criteria Recognition Arrangement (CCRA) and the highest level most commercial products can achieve.
"EAL4 also represents the highest scope of accreditation available to commercial labs by NVLAP. That means that as a laboratory accredited at the EAL4 level, atsec, like any other fully-accredited lab, is qualified at the highest level to perform product evaluations at all practical levels under the NIAP CCEVS scheme."
Quality Manager Fiona Pattinson continues: "We at atsec are very proud of our continuing record of achieving important steps in the application of Common Criteria as the information security discipline matures, and our work continues on additional significant milestones in Common Criteria evaluation."
The accreditation of atsec information security corporation by NVLAP allows atsec to work under the NIAP CCEVS and means that globally, atsec companies are now accredited under two national Common Criteria schemes; the U.S.-based company's German counterpart, atsec information security GmbH, is accredited by BSI under the German national scheme.
About Common Criteria
The Common Criteria (CC) standard is an internationally-recognized standard used by the federal government and other organizations to assess security and assurance of information technology products. The CC provides a standardized way of expressing security requirements and defines the respective set of rigorous criteria by which the product will be evaluated. The CC is widely recognized within the IT Security community, IT professionals, government agencies, and customers as the seal of security assurance for mission-critical software. Under the CC, products are evaluated against strict standards for various features, including the development environment, security functionality, the handling of security vulnerabilities, security related documentation, and product testing.
About atsec information security
atsec information security is the leading provider of high-quality information security services. These include laboratory services including product evaluation, as well as general consulting in a wide range of information security areas including Information Security Management Systems (ISMS), risk management, PKI consulting, privacy assessment, and security auditing. atsec information security was founded in 2000 and operates in the U.S. and Europe, with offices in Austin, Munich, Cologne, and Stockholm.
For more information about atsec information security, please visit http://www.atsec.com.
# # #