atsec Information Security Corporation Obtains Common Criteria Accreditation from NVLAP

atsec information security corporation has obtained accreditation from the National Voluntary Laboratory Accreditation Program (NVLAP) for specific test methods in Information Security Testing: Common Criteria including evaluation of protection profiles, security targets, and for product evaluations to assurance level EAL4.

Privacy Policy






Gordon McIntosh, the Austin-based company"s CCTL Lab Manager, notes: "atsec is the very first CCTL to be accredited under the rigorous new rules that require a candidate lab to demonstrate Common Criteria proficiency by performing an actual Common Criteria product evaluation under the close supervision of the National Information Assurance Partnership"s Common Criteria Evaluation and Validation Scheme (NIAP CCEVS)."

The atsec team demonstrated proficiency through a pioneering project which evaluated a software component (GSKit, a component developed and used by IBM to implement secure network transactions as part of software applications) at assurance level EAL4. David Ochel, Lead Evaluator for the GSKit evaluation, notes the significance of this approach: "Component evaluations – as opposed to product evaluations – offer the opportunity to efficiently utilize an alternative Common Criteria paradigm that enables re-use of evaluation results. When composite applications integrate evaluated components, the process of evaluating those applications will be streamlined because the results from the component evaluations can be re-used in the larger context. atsec is proud to have contributed to piloting a foundation for composite evaluations in this way."

Significantly, the scope of accreditation for the atsec CCTL allows atsec to perform Common Criteria product evaluations up to and including the EAL4 level. Helmut Kurth, atsec Lab Director, explains the importance for atsec of achieving this scope of accreditation: "Successful EAL4 evaluation means that the target product was methodically designed, tested, and reviewed. This level is currently the highest level covered by the international Common Criteria Recognition Arrangement (CCRA) and the highest level most commercial products can achieve.

"EAL4 also represents the highest scope of accreditation available to commercial labs by NVLAP. That means that as a laboratory accredited at the EAL4 level, atsec, like any other fully-accredited lab, is qualified at the highest level to perform product evaluations at all practical levels under the NIAP CCEVS scheme."

Quality Manager Fiona Pattinson continues: "We at atsec are very proud of our continuing record of achieving important steps in the application of Common Criteria as the information security discipline matures, and our work continues on additional significant milestones in Common Criteria evaluation."

The accreditation of atsec information security corporation by NVLAP allows atsec to work under the NIAP CCEVS and means that globally, atsec companies are now accredited under two national Common Criteria schemes; the U.S.-based company"s German counterpart, atsec information security GmbH, is accredited by BSI under the German national scheme.

About Common Criteria
The Common Criteria (CC) standard is an internationally-recognized standard used by the federal government and other organizations to assess security and assurance of information technology products. The CC provides a standardized way of expressing security requirements and defines the respective set of rigorous criteria by which the product will be evaluated. The CC is widely recognized within the IT Security community, IT professionals, government agencies, and customers as the seal of security assurance for mission-critical software. Under the CC, products are evaluated against strict standards for various features, including the development environment, security functionality, the handling of security vulnerabilities, security related documentation, and product testing.

About atsec information security
atsec information security is the leading provider of high-quality information security services. These include laboratory services including product evaluation, as well as general consulting in a wide range of information security areas including Information Security Management Systems (ISMS), risk management, PKI consulting, privacy assessment, and security auditing. atsec information security was founded in 2000 and operates in the U.S. and Europe, with offices in Austin, Munich, Cologne, and Stockholm.

For more information about atsec information security, please visit http://www.atsec.com .


ATSEC INFORMATION SECURITY CORP.
Brenda Grove
512-349-7525

Related Articles

• Medcenter One to Transform Surgical Care with Software Solutions from Surgical Information Systems
  7 May 2005



• Cymer to Webcast Presentation From JPMorgan Technology Conference
  4 May 2005



• American Express Appoints Stephen Squeri as Executive Vice President, Chief Information Officer
  3 May 2005



• Information Technology Group, Inc. and Richards & Associates, Inc. Join Forces
  2 May 2005



• Digimarc Brings Digital Watermarking Security to Passports and Travel Documents
  2 May 2005



• MacroPore Biosurgery to Raise $11.0 Million from Equity Placement
  2 May 2005



• Bush Wrong: House Passed Energy Bill Threatens Economic and National Security
  30 April 2005



• Search 100"s of Job Boards and Career Sites from GJobs.co.uk
  30 April 2005



• Geron Corporation Reports 2005 First Quarter Financial Results and Events
  30 April 2005



• New Research from The Diffusion Group Defines Battle Lines for Control of the Digital Home
  29 April 2005