Question 2
The Common Criteria, CC, Web site is located at:
· Go to the above web site and explore for yourself its contents.
· Go to the certified products area and find hardware (or software or a bundled hardware and software product) which you are interested in or have firsthand knowledge about. For example, you might try to find the product Citrix Systems Inc. You may instead decide to lookup a Microsoft or Apple product, for example an operating system such as Windows 10 or IBM’s AIX operating system.
· In the Session 3 Conference state what you found regarding your chosen product. What is the level at which it passed? Who was the evaluator? List three security requirements of your products. List three assurance requirements for the product.
KEY TAKEAWAYS BEFORE ATTEMPTING THIS ASSIGNMENT
Feel free to assume your role is to evaluate responses to your firms hypothetical Request For Proposals (RFP), for the acquisition or purchase of hardware and/or software or that your role is that of a member of a site Audit Team which is charged with determining compliance with the Common Criteria for your firms existing Information Communication Technology, ICT, hardware and software resources. Your role can even be that of a private individual who is interested in purchasing a hardware and software configuration and desires to evaluate it prior to buying.
When it comes to acquiring or purchasing hardware, software, or a combination of the two, it is important to evaluate the products in order to ensure that they meet the necessary security and assurance requirements. The Common Criteria (CC) website is a great resource for this, as it provides a comprehensive overview of the certification process for all products. This essay will explore the contents of the CC website, evaluate certified products in relation to a hypothetical Request for Proposal (RFP), and assess the security
The Common Criteria (CC) website (Spafford, 2003), is a comprehensive resource for exploring the contents of the CC. It provides up-to-date information on the evolution of the CC and its development over time, including a description of the process used to develop the CC. The website also contains detailed descriptions of the various criteria and requirements of the CC, as well as guidance on how to apply them in practice. The website includes a comprehensive list of the various documents that make up the CC, such as the Common Criteria for Information Technology Security Evaluation (CCITSE), the Common Criteria Evaluation and Validation Scheme (CCEVS), and the Common Criteria Protection Profile (CCPP). It also provides a list of the various international organizations and agencies responsible for developing, maintaining and distributing the CC. Additionally, the website includes links to relevant industry resources and information regarding the various organizations and agencies responsible for implementing and enforcing the CC. In this way, the website provides an invaluable resource for those who wish to explore the contents of the CC and understand its implications.
In their 2007 paper for the Journal of Management in Engineering, DD Gransberg and RF Barton explore the importance of evaluating certified products in relation to a Request for Proposal (RFP). They state that the process of RFPs can be complex and time consuming, so it is important to ensure that certified products are evaluated carefully. According to the authors, the most important part of this process is to understand the capabilities and features of the product and how they will meet the needs of the organization. To do this, they suggest that organizations should compare the features of the certified product to the requirements outlined in the RFP and document any discrepancies. Additionally, they emphasize the importance of understanding any potential risks associated with the product and how these risks can be mitigated. Gransberg and Barton conclude that by taking the time to evaluate certified products in relation to an RFP, organizations can better ensure that they are making the right decision for their organization (Gransberg & Barton, 2007).
As technology advances, the security and assurance requirements for hardware and software products have become increasingly important. This is due to the increased complexity of systems, where a single vulnerability can have a cascading effect on the entire system. In order to address this issue, H Khattri et al. (2012) propose a system-level framework for assessing security and assurance requirements for hardware and software products. The framework allows for an integrated approach to security and assurance requirements, by considering both the system design and the operational environment. The framework is based on an analysis of system requirements and a risk assessment of potential security and assurance threats. This approach enables organizations to identify and manage potential risks, ensuring the safety and reliability of their systems. Furthermore, the proposed framework can be adapted to different types of systems, allowing organizations to customize their security and assurance requirements according to their specific needs. The authors suggest that the framework can be used to create a unified approach to security and assurance requirements, which can be applied across different types of hardware and software products. In conclusion, the proposed system-level framework provides an effective and efficient way to assess security and assurance requirements for hardware and software products.
The Common Criteria Web site is an invaluable tool for anyone looking to evaluate products for their ICT, from a private buyer interested in researching consumer products, to a site Audit Team ensuring their firm’s existing products comply with CC requirements. By exploring the certified products section of the Web site, users are able to uncover the full security and assurance requirements for their desired product. It is level of sophistication is particularly relevant when it comes to analyzing products from larger companies, such as Microsoft or Apple, which tend to have greater flexibility and options for meeting compliance standards. Ultimately, a comprehensive understanding of the comprehensive security and assurance requirements of any ICT-related product can help ensure it meets any customer’s needs, while also providing peace of mind that it is secure.
Work Cited
EH Spafford.”… reform committee subcommittee on technology, information policy, intergovernmental relations and the census exploring common criteria: Can it ensure that the ….”https://spaf.cerias.purdue.edu/usgov/tipirc.pdf
DD Gransberg.”Analysis of federal design-build request for proposal evaluation criteria.”https://ascelibrary.org/doi/abs/10.1061/(ASCE)0742-597X(2007)23:2(105)
WOULD YOU LIKE A CUSTOM ESSAY JUST FOR YOU?
Get Assignment Help- Confidentially!
Why Choose Ace Writing Center?
***Absolutely NO Plagiarism.
***All writing is original.
***Guaranteed Top Grade.
***24/7 Support
***100% Money Back Guarantee
***Free revision