From Turtle to Cheetah: Fast and Effective Common Criteria Evaluations (C41b)
Highly regulated industries and critical infrastructure environments demand that security requirements be met through rigorous and standardized approaches. In this context, the value of Common Criteria certifications is internationally recognized, but it is often countered by the known drawbacks of Common Criteria: it costs too much, it takes too long, it does not adapt to an agile development style, and it is too focused on documentation. In this presentation, we will explore optimized evaluation techniques designed with the Dutch scheme to achieve full Common Criteria compliance while significantly limiting the certification time to a few months and minimizing effort for developers and evaluators. Alternate evidence collection approaches, smart use of existing developer testing methods, and more effective reporting styles are all examples of how Common Criteria can suit the evolving needs of developers driving innovation.