Atsec Information Security Performs First Common Criteria Component Evaluation

atsec information security announced today that it is currently conducting the first Common Criteria component evaluation at assurance level EAL4. The target of this evaluation is GSKit, a component developed and used by IBM to implement secure network transactions as part of software applications.

Austin, TX (PRWEB) February 2, 2005 -- atsec information security is currently pioneering the evaluation of a software component in collaboration with the U.S. Common Criteria Evaluation and Validation Scheme (CCEVS). Component evaluations – as opposed to product evaluations – will allow efficient re-use of evaluation results when it comes to the certification of composite applications that make use of common components to implement standard functionality. The completion of this component evaluation will also demonstrate atsecs proficiency in Common Criteria evaluations to CCEVS, allowing atsec to achieve the accreditation of its Austin, TX-based testing laboratory for Common Criteria evaluations.

The certification of core components is a critical aspect for companies developing composite products. The evaluation that is currently being conducted by atsec is the first component evaluation at EAL4 that explicitly carries the goal of re-usability in certifications of such composite products. As guidance for the re-use of component evaluation results is still under development, atsec considers this evaluation a valuable contribution to establish experience for this type of evaluation within CCEVS.

While the evaluation of a product always must lead to transparent and repeatable results, component evaluations introduce an increased need to produce evaluation results that allow straightforward re-use in composite evaluations. You need to keep in mind the big picture and the applications that will make use of the component,” said David Ochel, atsecs lead evaluator for the project. The results that our evaluation team has produced so far, the feedback we have received from CCEVS, and the efforts that the developer puts into supporting the evaluation make us confident that we will soon be able to successfully complete this project, and that atsec will receive accreditation of our lab here in Austin.”

About atsec information security
atsec information security operates worldwide as the leading provider of high-quality information security services. These include laboratory services including product evaluations, as well as general consulting in a wide range of information security areas including Information Security Management Systems (ISMS), risk management, PKI consulting, privacy assessment, cryptography, and security auditing.

For more information about atsec information security, please visit http://www.atsec.com or email info@atsec.com.

About NIAP and CCEVS
The National Information Assurance Partnership, a collaboration between the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST), manages the Common Criteria Evaluation and Validation Scheme. For more information about CCEVS, visit http://niap.nist.gov/cc-scheme/.

About IBM
IBM is the world's largest information technology company, with 80 years of leadership in helping businesses innovate. Drawing on resources from across IBM and key IBM Business Partners, IBM offers a wide range of services, solutions and technologies that enable customers, large and small, to take full advantage of the new era of e-business. For more information about IBM, visit http://www.ibm.com.

# # #

atsec atsec information security cc common criteria component evaluation composite evaluation cc evaluation gskit ibm ccevs eal4

Bookmark -  Del.icio.us | Digg | Furl It | Spurl | RawSugar | Simpy | Shadows | Blink It | My Web