Greg Mclearn, Founder and Technical Director, Lightship Security.

In the not-too-distant future… As an IT product vendor selling to government agencies, you face procurement rules that mandate Common Criteria and cryptographic module evaluations. You know this is a time-consuming and often expensive undertaking. It takes key technical people away from their day jobs and creates product management and sales concerns when conformance gaps are found.
Imagine a scenario where you’ve managed to automate a significant portion of the conformance testing work through initiatives like NIST’s Automated Cryptographic Validation Protocol and by exploiting the increasingly prescriptive nature of Common Criteria Protection Profiles. Your product lines have similar architectures, feature sets and management interfaces, so you can achieve cross-product automation in relatively short order. Having integrated conformance testing into your Continuous Integration facilities, neither your sales department nor your clients are locked to old versions of your product. You can sell the latest and greatest to your customers. CAVP revalidation and Common Criteria Assurance Continuity can be performed in near real-time because your product features are being validated continuously.
In this presentation, Lightship Security will present our vision for the future of conformance automation and discuss our work on driving conformance automation within the Common Criteria ecosystem using the Network Devices collaborative Protection Profile as a starting point.