Common Criteria for Information Technology Security Evaluation (CC) is an international agreement that provides a set of standards, testing processes, and documentation standards that is widely recognized as the leading standard for defined software security standards. The Canadian Centre for Cyber Security performs evaluations on common IT products and releases a report called “Common Criteria Certification.” This process allows for organizations to review an independently tested software evaluation without needing to set up and configure that IT product in their own environment first. Tripwire Enterprise v8.9.1 was recently evaluated and passed the assurance process to update our certification for this latest release version.

How the Certification Process Works

The Canadian Common Criteria Scheme provides a third-party commercial Common Criteria Evaluation Facility (CCEF) for determining the trustworthiness of Information Technology (IT) security products. These evaluations take place under the oversight of the Certification Body, which is managed by the Canadian Centre for Cyber Security.

A CCEF is a commercial facility that has been approved by the Certification Body to perform Common Criteria evaluations. A significant requirement for such approval is accreditation to the requirements of ISO/IEC 17025, the General Requirements for the Competence of Testing and Calibration Laboratories.

A Breakdown of the Certification Stages

As explained in a report published by the Government of Canada, the first stage is to identify and describe the Target of Evaluation (TOE) and the architecture around this. Next, the report summarizes data found from a security policy that is checked against evaluated products. This allows for the results of an Intrusion Detection System (IDS), Security Audit and User Data Protection and others to be checked against the TOE.    

One or more individuals are subsequently assigned to manage the TOE and the security of the information it contains. The authorized (Read more...)