SlideShare a Scribd company logo

Common Criteria service overview for Developers - jtsec a CC consultancy company

Javier Tallón
Javier Tallón

We can help you to pass a Common Criteria evaluation, we know the tips & the tricks and can help you to save a lot of money. Obtain a Common Criteria Certification assisted by our experts.

Engineering
1 of 12
Download to read offline
 jtsec Beyond IT Security SL is a cybersecurity Company focused on Common Criteria Consultancy.  Facilities in Granada and Madrid (Spain)  We are experts in Common Criteria. We have worked in several CC Labs as evaluators, consultants or lab manager. We have given talks in several ICCC (Common Criteria Conferences)  We have developed the most innovative tool to generate Common Criteria compliant documentation  CCGen (https://www.jtsec.es/ccgen-product-profile.pdf)  Key customers: Applus+, Panda Security, Imperva, BQ, MCS Microsystems, CyberSecurity Malaysia
 TECHNICAL EXCELLENCE We have come to raise the baton of technical excellence. Only through a high quality process, we must be able to verify the security of your products and systems; We are 100% committed to a lifelong learning process  COMMITMENT TO OUR CUSTOMERS We are determined to solve your problems, not to create new problems. Your project will be successful - there is no other option. We take the standard of excellence in dealing with clients to a new level.  TIME TO MARKET By doing our job on time, we can give a competitive advantage to our customers. If time is a constraint you can count on us. We put all our resources at your disposal to be not only the best but also the first.
 Common Criteria Training: customized training regarding the Common Criteria standard depending on your needs (applicable EAL, technology, etc…). This training will reduce your certification duration and cost and will increase the knowledge of your team.  Common Criteria Consultancy: customized consultancy service. We offer:  Full Package service: this service includes creating the required CC documentation, handling the relationship with the lab and negotiating the lab fee. This service requires mínimum involvement from the developer.  Ad-hoc Package service: jtsec will adapt to the customer needs. For example: ST Writting, CC Gap Analysis, Package of hours for CC Documentation Development, etc…
 Common Criteria:  International Standard (Methodology) to evaluate the security of IT products (ISO 15408)  Up to 7 levels. Higher levels implies higher effort/cost  The methodology consist on:  Product Security Evaluation (Testing and Vulnerability Analysis)  Design and Guidance Documentation Evaluation  Development Process Evaluation (Life Cycle Evaluation including site audits)
 Common Criteria  International agreement for mutual recognition of CC evaluations performed by country members – A certificate obtained in Spain is valid in 28 countries.  Worldwide recognized certificate – valid all around the world
 What can you use Common Criteria certificate for?  Government regulations (e.g. European Tachograph Law, Digital Signature)  Spanish Government will use it for Approval of ICT security products for handling classified national information and for the inclusion of ITC security products in the spanish Catalog of ITC Security Products (CPSTIC). More information in CCN-STIC 102 and 106 Guides.  CC certificates are likely required to enter in DoD’s Information Network Approved Products List (DoDIN APL) – US Government  Smart Tachograph European regulation (https://dtc.jrc.ec.europa.eu/dtc_smart_tachograph.php)  Digital Signature Creation Devices  Market Recognition/Requirements (Quality of your product/company) or Distinction/Differentiation between competitors
jtsec will support the developer during the whole process Certification Body Laboratory Developer
 Paperwork:  ASE: Security Target Evaluation  ADV: Design Documentation Evaluation – Interfaces (Functional Specification), High Level and Low Level Design, Architecture and Implementation (Source Code)  Paperwork + Testing:  AGD: Guidance Documentation (Installation and Operational) Evaluation + TOE Installation  ALC: ALC Documentation Evaluation (Configuration Management, Tools and Techniques, Delivery, Life Cycle, Flaw Remediation and Development Site Security Measures) + Site Audit  ATE: Testing Documentation Evaluation + Independent Testing  Testing:  AVA: Vulnerability Analysis and Penetration testing Note: The applicable activities depend on the EAL (Evaluation Assurance Level)
jtsec: Beyond IT Security c/ Abeto s/n Edificio CEG Oficina 2B CP 18230 Granada – Atarfe – Spain hola@jtsec.es @jtsecES www.jtsec.es

Recommended

Co je kybernetická bezpečnost?
Co je kybernetická bezpečnost?Co je kybernetická bezpečnost?
Co je kybernetická bezpečnost?Jiří Peterka
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSMNarudom Roongsiriwong, CISSP
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic CryptographyInformation Technology
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network securityIGZ Software house
 
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxDemystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxnull - The Open Security Community
 
Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Eduardo Arriols Nuñez
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 
Web Uygulama Güven(siz)liği
Web Uygulama Güven(siz)liğiWeb Uygulama Güven(siz)liği
Web Uygulama Güven(siz)liğiBGA Cyber Security
 

Recommended

Co je kybernetická bezpečnost?
Co je kybernetická bezpečnost?Co je kybernetická bezpečnost?
Co je kybernetická bezpečnost?Jiří Peterka
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSMNarudom Roongsiriwong, CISSP
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic CryptographyInformation Technology
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network securityIGZ Software house
 
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxDemystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxnull - The Open Security Community
 
Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Eduardo Arriols Nuñez
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 
Web Uygulama Güven(siz)liği
Web Uygulama Güven(siz)liğiWeb Uygulama Güven(siz)liği
Web Uygulama Güven(siz)liğiBGA Cyber Security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Secure coding-guidelines
Secure coding-guidelinesSecure coding-guidelines
Secure coding-guidelinesTrupti Shiralkar, CISSP
 
Web Uygulama Pentest Eğitimi
Web Uygulama Pentest EğitimiWeb Uygulama Pentest Eğitimi
Web Uygulama Pentest EğitimiBGA Cyber Security
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
Secure Session Management
Secure Session ManagementSecure Session Management
Secure Session ManagementGuidePoint Security, LLC
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with FalcoMichael Ducy
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptographyRahulprasad Yadav
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 
Diffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeGürkan YILDIRIM
 
Network security
Network securityNetwork security
Network securitySimranpreet Singh
 
PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)Pace IT at Edmonds Community College
 
Security Code Review 101
Security Code Review 101Security Code Review 101
Security Code Review 101Paul Ionescu
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
10 Adımda Sızma Testleri
10 Adımda Sızma Testleri10 Adımda Sızma Testleri
10 Adımda Sızma TestleriBGA Cyber Security
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationJavier Tallón
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 

More Related Content

What's hot

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with FalcoMichael Ducy
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptographyRahulprasad Yadav
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 
Diffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeGürkan YILDIRIM
 
Security Code Review 101
Security Code Review 101Security Code Review 101
Security Code Review 101Paul Ionescu
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 

What's hot (20)

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Network security
Network securityNetwork security
Network security
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
 
Secure coding-guidelines
Secure coding-guidelinesSecure coding-guidelines
Secure coding-guidelines
 
Web Uygulama Pentest Eğitimi
Web Uygulama Pentest EğitimiWeb Uygulama Pentest Eğitimi
Web Uygulama Pentest Eğitimi
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting Revisited
 
Secure Session Management
Secure Session ManagementSecure Session Management
Secure Session Management
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with Falco
 
Information security
Information securityInformation security
Information security
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptography
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
 
Diffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
 
Network security
Network securityNetwork security
Network security
 
PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)
 
Security Code Review 101
Security Code Review 101Security Code Review 101
Security Code Review 101
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
 
10 Adımda Sızma Testleri
10 Adımda Sızma Testleri10 Adımda Sızma Testleri
10 Adımda Sızma Testleri
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 

Similar to Common Criteria service overview for Developers - jtsec a CC consultancy company

jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationJavier Tallón
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 
Applied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptxApplied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptxApplied Systems Ltd.
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security CertificationsNithin Sai
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2俠客科技
 
Spanish catalogue of qualified products - a new way of using CC for procurement
Spanish catalogue of qualified products - a new way of using CC for procurementSpanish catalogue of qualified products - a new way of using CC for procurement
Spanish catalogue of qualified products - a new way of using CC for procurementJavier Tallón
 
Reliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUpsReliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUpsFortifier. IT Company
 
Technical Security and Penetration Testing
Technical Security and Penetration TestingTechnical Security and Penetration Testing
Technical Security and Penetration TestingIT Governance Ltd
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxJavier Tallón
 
en_verifysoft_testwell_flyer
en_verifysoft_testwell_flyeren_verifysoft_testwell_flyer
en_verifysoft_testwell_flyerQuinten Esmeijer
 
Bhadale group of companies quality standards catalogue
Bhadale group of companies quality standards catalogueBhadale group of companies quality standards catalogue
Bhadale group of companies quality standards catalogueVijayananda Mohire
 
Perennial systems corporate overview presentation
Perennial systems corporate overview presentationPerennial systems corporate overview presentation
Perennial systems corporate overview presentationPerennial Systems
 
Cruatech Services Intro
Cruatech Services IntroCruatech Services Intro
Cruatech Services IntroCruatech
 
V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]Robert Grawet
 
Getting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj ShahGetting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj Shahmomoahmedabad
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationITpreneurs
 

Similar to Common Criteria service overview for Developers - jtsec a CC consultancy company (20)

jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentation
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
Applied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptxApplied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptx
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security Certifications
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2
 
Spanish catalogue of qualified products - a new way of using CC for procurement
Spanish catalogue of qualified products - a new way of using CC for procurementSpanish catalogue of qualified products - a new way of using CC for procurement
Spanish catalogue of qualified products - a new way of using CC for procurement
 
Reliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUpsReliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUps
 
Technical Security and Penetration Testing
Technical Security and Penetration TestingTechnical Security and Penetration Testing
Technical Security and Penetration Testing
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptx
 
IoT and M2M Safety and Security
IoT and M2M Safety and Security IoT and M2M Safety and Security
IoT and M2M Safety and Security
 
Erzam profl oct18
Erzam profl oct18Erzam profl oct18
Erzam profl oct18
 
Company_Profile_Updated_17032016
Company_Profile_Updated_17032016Company_Profile_Updated_17032016
Company_Profile_Updated_17032016
 
en_verifysoft_testwell_flyer
en_verifysoft_testwell_flyeren_verifysoft_testwell_flyer
en_verifysoft_testwell_flyer
 
Bhadale group of companies quality standards catalogue
Bhadale group of companies quality standards catalogueBhadale group of companies quality standards catalogue
Bhadale group of companies quality standards catalogue
 
Perennial systems corporate overview presentation
Perennial systems corporate overview presentationPerennial systems corporate overview presentation
Perennial systems corporate overview presentation
 
Cruatech Services Intro
Cruatech Services IntroCruatech Services Intro
Cruatech Services Intro
 
V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]
 
Getting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj ShahGetting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj Shah
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
 
ESS Software and Firmware
ESS Software and FirmwareESS Software and Firmware
ESS Software and Firmware
 

More from Javier Tallón

Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIEvolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIJavier Tallón
 
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Javier Tallón
 
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?Javier Tallón
 
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNJavier Tallón
 
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...Javier Tallón
 
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfEUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfJavier Tallón
 
Evolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaEvolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaJavier Tallón
 
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...Javier Tallón
 
EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896Javier Tallón
 
EUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemesEUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemesJavier Tallón
 
EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045Javier Tallón
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Javier Tallón
 
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?Javier Tallón
 
Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Javier Tallón
 
CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2Javier Tallón
 
2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...Javier Tallón
 
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...Javier Tallón
 
Automating Common Criteria
Automating Common Criteria Automating Common Criteria
Automating Common Criteria Javier Tallón
 
CCCAB - Making CABs life easy
CCCAB - Making CABs life easyCCCAB - Making CABs life easy
CCCAB - Making CABs life easyJavier Tallón
 

More from Javier Tallón (20)

Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIEvolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio II
 
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
 
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?
 
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCN
 
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...
 
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfEUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
 
Hacking your jeta.pdf
Hacking your jeta.pdfHacking your jeta.pdf
Hacking your jeta.pdf
 
Evolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaEvolucionado la evaluación Criptográfica
Evolucionado la evaluación Criptográfica
 
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
 
EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896
 
EUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemesEUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemes
 
EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...
 
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
 
Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?
 
CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2
 
2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...
 
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
 
Automating Common Criteria
Automating Common Criteria Automating Common Criteria
Automating Common Criteria
 
CCCAB - Making CABs life easy
CCCAB - Making CABs life easyCCCAB - Making CABs life easy
CCCAB - Making CABs life easy
 

Recently uploaded

result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesPrabhanshu Chaturvedi
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfSuman Jyoti
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Christo Ananth
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTbhaskargani46
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLManishPatel169454
 

Recently uploaded (20)

result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and Properties
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 
NFPA 5000 2024 standard .
NFPA 5000 2024 standard .NFPA 5000 2024 standard .
NFPA 5000 2024 standard .
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
 

Common Criteria service overview for Developers - jtsec a CC consultancy company

  • 1.
  • 2.
  • 3.  jtsec Beyond IT Security SL is a cybersecurity Company focused on Common Criteria Consultancy.  Facilities in Granada and Madrid (Spain)  We are experts in Common Criteria. We have worked in several CC Labs as evaluators, consultants or lab manager. We have given talks in several ICCC (Common Criteria Conferences)  We have developed the most innovative tool to generate Common Criteria compliant documentation  CCGen (https://www.jtsec.es/ccgen-product-profile.pdf)  Key customers: Applus+, Panda Security, Imperva, BQ, MCS Microsystems, CyberSecurity Malaysia
  • 4.  TECHNICAL EXCELLENCE We have come to raise the baton of technical excellence. Only through a high quality process, we must be able to verify the security of your products and systems; We are 100% committed to a lifelong learning process  COMMITMENT TO OUR CUSTOMERS We are determined to solve your problems, not to create new problems. Your project will be successful - there is no other option. We take the standard of excellence in dealing with clients to a new level.  TIME TO MARKET By doing our job on time, we can give a competitive advantage to our customers. If time is a constraint you can count on us. We put all our resources at your disposal to be not only the best but also the first.
  • 5.  Common Criteria Training: customized training regarding the Common Criteria standard depending on your needs (applicable EAL, technology, etc…). This training will reduce your certification duration and cost and will increase the knowledge of your team.  Common Criteria Consultancy: customized consultancy service. We offer:  Full Package service: this service includes creating the required CC documentation, handling the relationship with the lab and negotiating the lab fee. This service requires mínimum involvement from the developer.  Ad-hoc Package service: jtsec will adapt to the customer needs. For example: ST Writting, CC Gap Analysis, Package of hours for CC Documentation Development, etc…
  • 6.
  • 7.  Common Criteria:  International Standard (Methodology) to evaluate the security of IT products (ISO 15408)  Up to 7 levels. Higher levels implies higher effort/cost  The methodology consist on:  Product Security Evaluation (Testing and Vulnerability Analysis)  Design and Guidance Documentation Evaluation  Development Process Evaluation (Life Cycle Evaluation including site audits)
  • 8.  Common Criteria  International agreement for mutual recognition of CC evaluations performed by country members – A certificate obtained in Spain is valid in 28 countries.  Worldwide recognized certificate – valid all around the world
  • 9.  What can you use Common Criteria certificate for?  Government regulations (e.g. European Tachograph Law, Digital Signature)  Spanish Government will use it for Approval of ICT security products for handling classified national information and for the inclusion of ITC security products in the spanish Catalog of ITC Security Products (CPSTIC). More information in CCN-STIC 102 and 106 Guides.  CC certificates are likely required to enter in DoD’s Information Network Approved Products List (DoDIN APL) – US Government  Smart Tachograph European regulation (https://dtc.jrc.ec.europa.eu/dtc_smart_tachograph.php)  Digital Signature Creation Devices  Market Recognition/Requirements (Quality of your product/company) or Distinction/Differentiation between competitors
  • 10. jtsec will support the developer during the whole process Certification Body Laboratory Developer
  • 11.  Paperwork:  ASE: Security Target Evaluation  ADV: Design Documentation Evaluation – Interfaces (Functional Specification), High Level and Low Level Design, Architecture and Implementation (Source Code)  Paperwork + Testing:  AGD: Guidance Documentation (Installation and Operational) Evaluation + TOE Installation  ALC: ALC Documentation Evaluation (Configuration Management, Tools and Techniques, Delivery, Life Cycle, Flaw Remediation and Development Site Security Measures) + Site Audit  ATE: Testing Documentation Evaluation + Independent Testing  Testing:  AVA: Vulnerability Analysis and Penetration testing Note: The applicable activities depend on the EAL (Evaluation Assurance Level)
  • 12. jtsec: Beyond IT Security c/ Abeto s/n Edificio CEG Oficina 2B CP 18230 Granada – Atarfe – Spain hola@jtsec.es @jtsecES www.jtsec.es