Simplify Your Government Certifications
Common Criteria (CC) and FIPS certifications can be very daunting for product developers, requiring extensive time and effort from valuable development personnel. The mission of CCC is to assist you in successfully completing security certifications without burdening your development personnel.
We leverage our combination of extensive certification experience and product development experience to offload the work from your internal resources. We work with you every step of the way, from initial assessment to choosing a lab to completing the documentation for the certification.
We provide customized services based upon your specific needs. Those needs are determined by a joint analysis of your product, processes and documentation. Whenever possible we leverage existing information; when necessary, we complete the required documentation for you.
CC Services
Because the needs of our clients vary, any combination of these services may be appropriate:
Initial Assessment – Our team consults with the client to define the Target of Evaluation (TOE) and the appropriate assurance level or Protection Profile (PP) to claim. We also analyze existing vendor documentation to determine the evidence requirements already satisfied and those that require additional effort.
Guidance - Our team provides guidance to the client throughout the evaluation, offering advice on choosing an evaluation laboratory (CCTL) as well as guiding client development of evidence.
Security Target – The Security Target (ST) is the most critical piece of CC evidence, and presents the biggest challenge to the vendors. Our team can assist the vendor in the ST development, or assume complete responsibility for this document.
Evidence Development – If existing vendor evidence does not satisfy all the CC requirements, our team can assist in any area – Development, Guidance Documentation, Life Cycle Support, and/or Test.
FIPS Services
We can assist with any or all of the following services for CMVP and CAVP projects:
Initial Assessment - Our team works with you to determine the appropriate module boundary, security level and algorithms for a validation.
Readiness Review - In-depth review of the proposed module and existing documentation against the requirements of the intended security level.
Algorithm Testing - We can provide technical assistance for harness development, or tale responsibility for the harness and processing the vectors.
Security Policy – The Security Policy (SP) is the centerpiece of a module validation. Our team can assist the vendor or assume responsibility for the SP.
Vendor Evidence - CCC can create the required supporting documentation for module validations, including the Finite State Model and design documentation.