Common Criteria Testing Laboratory

A Common Criteria Testing Laboratory (CCTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct IT security evaluations for conformance to the Common Criteria international standard.

In the United States, the National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP) accredits CCTLs to meet National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and to conduct IT security evaluations for conformance to the Common Criteria.

CCTL requirements

These laboratories must meet the following requirements:

  • NIST Handbook 150, NVLAP Procedures and General Requirements
  • NIST Handbook 150-20, NVLAP Information Technology Security Testing — Common Criteria
  • NIAP-specific criteria for IT security evaluations and other NIAP-defined requirements

CCTLs enter into contractual agreements with sponsors to conduct security evaluations of IT products and Protection Profiles which use the CCEVS, other NIAP-approved test methods derived from the Common Criteria, Common Methodology and other technology-based sources. CCTLs must observe the highest standards of impartiality, integrity and commercial confidentiality. CCTLs must operate within the guidelines established by the CCEVS.

To become a CCTL, a testing laboratory must go through a series of steps that involve both the NIAP Validation Body and NVLAP. NVLAP accreditation is the primary requirement for achieving CCTL status. Some scheme requirements that cannot be satisfied by NVLAP accreditation are addressed by the NIAP Validation Body. At present, there are only three scheme-specific requirements imposed by the Validation Body.

NIAP-approved CCTLs must agree to the following:

  • Be located in the U.S. and be a legal entity, duly organized and incorporated, validly existing and in good standing under the laws of the state where the laboratory intends to do business
  • Accept U.S. Government technical oversight and validation of evaluation-related activities in accordance with the policies and procedures established by the CCEVS
  • Accept U.S. Government participants in selected Common Criteria evaluations

CCTL accreditation

A testing laboratory becomes a CCTL when the laboratory is approved by the NIAP Validation Body and is listed on the Approved Laboratories List.

To avoid unnecessary expense and delay in becoming a NIAP-approved testing laboratory, it is strongly recommended that prospective CCTLs ensure that they are able to satisfy the scheme-specific requirements prior to seeking accreditation from NVLAP. This can be accomplished by sending a letter of intent to the NIAP prior to entering the NVLAP process.

Additional laboratory-related information can be found in CCEVS publications:

  • Scheme Publication #1: Common Criteria Evaluation and Validation Scheme for Information Technology Security — Organization, Management, and Concept of Operations
  • Scheme Publication #4: Common Criteria Evaluation and Validation Scheme for Information Technology Security — Guidance to Common Criteria Testing Laboratories

Wikimedia Foundation. 2010.