Atsec information security Announces Plans to Extend Common Criteria Evaluation and Cryptographic Module Testing Services.

Austin, TX and Munich, Germany based atsec information security today announced plans to become a fully accredited testing laboratory under the U.S. Common Criteria Evaluation and Validation Scheme (CCEVS). Being accredited and performing evaluations under the Mutual Recognition Arrangement in Germany for several years now, atsec are planning to offer evaluation services soon also within the U.S. Scheme administered by NIST and NSA under the National Information Assurance Partnership (NIAP). At the same time, atsec released their intention to become an accredited lab to offer testing under the Cryptographic Module Validation Program (CMVP).

(PRWEB) December 22, 2004 — As atsec information security prepare to celebrate their fifth year of operation the laboratory director for atsec’s U.S. based laboratories, Helmut Kurth, announced their intention to provide additional Common Criteria evaluation services under the U.S. Common Criteria Evaluation and Validation Scheme (CCEVS) administered by the National Information Assurance Partnership (NIAP); a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).

atsec information security is already accredited by Germany’s Bundesamt f??r Sicherheit in der Informationstechnik (BSI) to perform evaluations for Common Criteria under the Arrangement on the Mutual Recognition of Common Criteria Certificates (MRA) in the Field of IT Security. The atsec laboratory has successfully performed numerous evaluations for companies based in the U.S., Sweden and Germany under this arrangement, also known as the Common Criteria Recognition Arrangement (CCRA).

The United States, Germany, Canada, the United Kingdom and France were the original signatories to the arrangement in 1998, and since then have been joined by a significantly larger number of nations in a second version, signed in May 2000. More information about the CCRA can be found at http://niap.nist.gov/cc-scheme/mutual-rec.html and at http://www.commoncriteriaportal.org.

Gordon McIntosh, atsec’s U.S. Common Criteria laboratory manager, said “The purpose of the CCRA is to ensure that certifications made under different national schemes are recognized as giving equivalent security assurance. International peer schemes recognize evaluations made at Evaluation Assurance Level (EAL)4 and below and may be augmented with Flaw Remediation to give full recognition at up to EAL4+. Unless specific recognition agreements are made then evaluations at EAL5 and above require accreditation under each nations scheme. In an effort to serve our U.S. customers desiring evaluations at higher assurance levels atsec information security is currently in the process of becoming fully accredited under the U.S. CCEVS scheme.” (http://niap.nist.gov/cc-scheme/candidate_testing_labs.html.)

In a further announcement laboratory manager Fiona Pattinson said “It is our intention that our cryptology laboratory will be accredited under the National Voluntary Laboratory Accreditation Program (NVLAP) to provide cryptographic module conformance testing under the Cryptographic Module Validation Program (CMVP). This service will complement atsec’s Common Criteria services. ”

The Cryptographic Module Validation Program is run by the U.S. National Institute of Standards and Technology (NIST) and Canadian Security Establishment (CSE). The program is responsible for assuring validation of cryptographic modules for conformance to NIST’s Federal Information Processing Standard (FIPS) 140-2 and provides the basis for assuring that cryptographic modules that will be used by Federal agencies utilize FIPS approved or NIST-recommended algorithms. Since 1996 Federal agencies have been mandated to ensure that such modules used in cryptographic-based security systems to protect sensitive information in computer and telecommunication systems are validated under the scheme.

The FIPS publication giving security requirements for cryptographic modules is recognized as a benchmark standard in the international arena and is serving as a model for the development of a formal international standard currently being developed by the well known International Organization for Standardization (ISO).

About atsec information security
atsec information security is the leading provider of high-quality information security services. These include laboratory services including product evaluation, as well as general consulting in a wide range of information security areas including Information Security Management Systems (ISMS) , risk management, PKI consulting, privacy assessment, and security auditing. More information about atsec information security can be found at http://www.atsec.com.

atsec information security was founded in 2000, and is present in the U.S. and Europe including Austin, Munich, Cologne, and Stockholm.