CC in the Cloud (C32a)
The Common Criteria (CC) has been a framework for product evaluation of security functions since its inception in the late 1990s. As DevOps became the trend for development of agile cloud services going forward into the 2000s, the CC remained the gold standard for product evaluation but did not address how customers' deployment approaches had changed from the traditional on-premises waterfall development model. With this in mind, is CC useful, and can it be applied to cloud service deployments of traditional on-premises products and to new cloud services developed specifically for the cloud? CC is preferred in some international cloud certification schemes today, but perhaps there are better approaches to CC evaluations that could add assurance in the cloud, and related international and national standards that could provide value in extending CC to the cloud. In this talk, the author will explore options and approaches that the community could consider which would allow for CC to be evaluated in the cloud.