Understanding Common Criteria Technical Working Groups

I recently had a conversation with a product vendor who was new to the Common Criteria community and it was refreshing to talk about and look at the Common Criteria “machine” from an outside perspective.

One of the interesting parts of that machine is the Common Criteria User Forum (CCUF).  It provides a voice and communications channel within the CC community, including the vendors, consultants, testing laboratories, Common Criteria organizational committees, and national schemes. I have really enjoyed my role as vice chair of the CCUF’s management group because I believe that the CCUF provides a vehicle to effect positive change in the Common Criteria evaluation space. The CCUF provides a way for anyone to get involved in the discussions about Common Criteria and the many things that surround it.  Just as the CCUF’s Teamlab site provides the collaboration tools for many of the Technical Communities, it also provides collaboration areas for the CCUF Technical Working Groups (TWGs).

What are Technical Working Groups?

Technical Working Groups are groups of product developers, consultants, evaluation labs, government schemes, and other CCUF participants working on a specific task needed to move the Common Criteria or the CCUF forward.  There are TWGs working on many interesting topics including:

  • Defining how to use the CC to provide assurance of a product vendor’s supply chain
  • Discussing and defining what can be done to harmonize the cryptographic module and cryptographic implementation evaluations that currently vary from nation to nation
  • Organizing the marketing of the Common Criteria benefits to product purchasers, product vendors, and to nations that do not currently formally recognize Common Criteria evaluations
  • Defining rules and guidance for repeatable structured vulnerability testing in CC evaluations
  • Providing feedback on the life cycle process that is being developed for creating a collaborative and internationally recognized Protection Profile (PP)
  • Researching and trialing new collaboration tools that could be used by the members of the Technical Communities
  • Creating and compiling ideas on how the Common Criteria standard and the evaluation methodologies should continue to evolve

Get Involved!

There is a lot to be learned from participating in TWGs and many ways you can contribute. The TWGs are a way for you to get involved with changing and improving the Common Criteria evaluation experience.  If you have ever complained about the CC evaluation process or the direction of the Common Criteria policies, there are TWGs that would love to have you help change things.  If your company has invested in Common Criteria evaluations and you want to make sure you continue to see ROI from that investment, there are TWGs that would love to have you contribute. If you are new to Common Criteria and want to understand how CC relates to purchasers’ concerns on supply chain or cryptography in your product, guess what, “there’s a TWG for that.”

Staying Informed

It is important for product vendors and others in the CC industry to stay informed about what TWGs are currently defined and what those groups are currently working on. If you would like to learn more about the existing TWGs, those that are currently forming, or how to get information about specific TWGs, contact Corsec.