Apex Assurance Group

Common Criteria Consulting

The Common Criteria framework provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner.

Performing a Common Criteria Initial Assessment to review required evaluation material before writing a Security Target or performing an evaluation can help ensure a successful evaluation, reduce the time “in evaluation”, and mitigate potential costs associated with resolving unmet criteria between the security product provider and the U.S. government office in the evaluation phase.

We take the complexity out of Common Criteria evaluations.

Common Criteria Consulting Services

Apex Assurance makes the evaluation process smooth and easy for our clients by providing services for Common Criteria, including:

Product design assistance
It’s possible to achieve Common Criteria evaluation without a single code change. However, if a change is required, w will help design your product for compliance.

Education and training
Our highly acclaimed workshops educate your staff on Common Criteria process, requirements, timelines, and best practices. Whether you’re kicking off a validation project or planning for a future release, our Strategic Planning Sessions will answer your questions and help you plan for success.

Project management for entire validation process
Our resources have program backgrounds in Fortune 500 companies and government offices. We know how to run a project to be successful, and we do it from a vendor’s perspective.

Common Criteria Security Target development
Apex Assurance Group develops Security Targets to address functional and assurance requirements met by our customers’ solutions. The Security Target is the basis for Common Criteria evaluation, and Apex Assurance Group develops Security Targets that not only address the security and evaluation concerns of our customers but also strategically and competitively position our customers’ solutions in the Common Criteria and Information Assurance community.

Common Criteria documentation development
Apex Assurance Group delivers documentation/evidence that addresses Common Criteria assurance requirements and conforms to the Common Evaluation Methodology (which specifies the broad content requirements of each evidence deliverable). We provide the following activities:

  • Conducting interviews (via email, teleconference, or on-site visits) with customer resources to aid in the development of evaluation evidence
  • Updating evidence deliverables to address comments from our customer and verdicts from the Common Criteria Testing Laboratory (CCTL)
  • Acting as a first line of defense for questions and issues that come from the testing laboratory
  • Leading regular status meetings with designated customer resources and the CCTL

For all evaluation evidence, Apex Assurance Group provides a first line of defense for questions from the evaluation laboratory and is responsible for facilitating changes/updates to address verdicts. Apex Assurance Group also assists with configuration issues, test setup, and any other questions that may save time for our customers.

Resources

Education

The Common Criteria Portal contains a wealth of information on Common Criteria, including the latest revisions as well as a consolidated listing of certified products.

Wes Higaki‘s book, Successful Common Criteria Evaluations, provides an overview of the Common Criteria from a vendor’s perspective.

 

Apex Assurance not only helped us understand the procurement requirements for DoD, Intel, and Civilian, but they also got us through the CC certification faster and easier than we thought possible.
Copyright © 2005-2012 Apex Assurance Group, LLC
Top ↑
Terms of Use