Anthony Busciglio, Laboratory Manager, Acumen Security Over the last several years, Common Criteria Technical Communities have focused more and more on the cryptography within products. The requirements created by these groups cover much of the same functionality addressed by FIPS 140. Functions, such as, Key Storage, Key Generation, Key Zeroization, and Authentication are all basic tenants of FIPS 140 that are covered by Technical Community created Protection Profiles in-depth. Additionally, these requirements are technology specific potentially making them more relevant to the evaluated products (and at times contradictory). This presentation will consider if Common Criteria is or should be the new go to cryptography standard and what vendor’s should do when Common Criteria requirements conflict with FIPS 140 requirements. Finally, this presentation will look forward to consider if there are ways to shape Common Criteria Protection Profiles that are even more relevant to cryptographic validation.

Certifications Program Track