CCCAB - Making CABs life easy
•
0 likes•88 views
CCCAB (Common Criteria Conformity Assessment Body) Tool is a unique framework that will allow Common Criteria CABs to smooth the certification process for ICT products, reducing the cost and time required in each single certification process. CCCAB will be developed to support NCCAs (National Cybersecurity Certification Authorities) when acting as CABs for level high and CABs (Conformity Assessment Bodies) for level substantial operating under the EUCC (Common Criteria based European candidate cybersecurity certification scheme) scheme. CCCAB has been selected by the European Commission under the Connecting Europe Facility (CEF) programme as a granted project. Two European NCCAs are also supporting CCCAB: CCN (Spain) and OCSI (Italy), reflecting the magnitude of the project. CCCAB will be released as an open source product and will be free to use allowing the community to improve the tool in the future. The presentation will show the objectives, status of the development and the potential of the tool and what it will mean for the different stakeholders involved in a Common Criteria certification process.
Report
Share
Report
Share
Download to read offline
Recommended
ICCC21 2021 statistics report
This document summarizes Common Criteria certification statistics from various sources including the CCScraper tool. It provides statistics for 2021 based on data collected up to September 30th, highlighting the top certification schemes, assurance levels, laboratories, product categories and manufacturers. It also analyzes trends over the past 5 years and discusses the impact of the COVID-19 pandemic on certification numbers.
Continuous Delivery for people who do not write code - Matthew Skelton - Conflux
Continuous Delivery is a proven set of practices for reliable software releases through build, test, and deployment automation. Organisations around the world have adopted Continuous Delivery (CD) to increase speed and safety of software changes whilst reducing errors and problems in Production.
This talk is an overview of Continuous Delivery for people who do not write code. If you are a delivery manager, project manager, release manager, operations person, business analyst, or anyone else involved in the building, testing, releasing, and running of software systems, this talk will give you an understanding of what Continuous Delivery is about and how it feels to be part of a CD organisation.
(From a talk given in Leeds, UK on 24 Sept 2018)
Building an effective mobile testing strategy
This document discusses building an effective mobile testing strategy. It covers:
1. The growing mobile app market and the many Android and iOS device configurations that must be tested.
2. Approaches to mobile testing including emulators, in-house devices, and mobile cloud solutions. Emulators are free but lack realism, while in-house devices are realistic but expensive to maintain across many devices.
3. Choosing a mobile cloud solution offers advantages over emulators and in-house devices like cost, accessibility from anywhere, wide range of devices, and network coverage through infrastructure provided by cloud service providers.
IEEE Buenaventura cs Chapter March 9 2016 v4
Advanced Continuous Test Automation presentation given by Marc Hornbeek, Sr. Solutions Architect for Spirent at the IEEE meeting Buenaventura chapter March 9, 2016.
End-to-End Software testing services at Faststream technologies
Faststream Technologies, a leading software testing, and quality assurance outsourcing services provider offers customized testing services for all your software applications. Our team of qualified and experienced software testers can check your product on various parameters like applicability, functionality, security, and scalability, to ensure that it meets quality standards and your expectations.
Intland Software's codeBeamer User Conference - 7 Jul 2016 - Stuttgart, Germany
Intland Software's codeBeamer User Conference - 7 Jul 2016 - Stuttgart, GermanyIntland Software GmbH
Intland Software's presentation from its codeBeamer User Conference 2016, which took place on 7 Jul 2016 in Stuttgart, Germany.
http://intland.com/blog/pr/intland-softwares-codebeamer-user-conference-2016Automated Software Testion
Strategic System Internationally share the process through which they go through automated software testing.
The Quality Assurance Checklist for Progressive Testing
This document discusses quality assurance testing for progressive applications. It defines quality assurance as preventing defects through early testing. Progressive testing tests application modules incrementally in a top-down, bottom-up, or hybrid approach. A quality assurance checklist should include unit, regression, performance, security, and installation testing to validate the application and ensure long-term functionality. Comprehensive testing provides benefits like reduced costs, improved customer satisfaction, and increased profits.
Recommended
ICCC21 2021 statistics report
This document summarizes Common Criteria certification statistics from various sources including the CCScraper tool. It provides statistics for 2021 based on data collected up to September 30th, highlighting the top certification schemes, assurance levels, laboratories, product categories and manufacturers. It also analyzes trends over the past 5 years and discusses the impact of the COVID-19 pandemic on certification numbers.
Continuous Delivery for people who do not write code - Matthew Skelton - Conflux
Continuous Delivery is a proven set of practices for reliable software releases through build, test, and deployment automation. Organisations around the world have adopted Continuous Delivery (CD) to increase speed and safety of software changes whilst reducing errors and problems in Production.
This talk is an overview of Continuous Delivery for people who do not write code. If you are a delivery manager, project manager, release manager, operations person, business analyst, or anyone else involved in the building, testing, releasing, and running of software systems, this talk will give you an understanding of what Continuous Delivery is about and how it feels to be part of a CD organisation.
(From a talk given in Leeds, UK on 24 Sept 2018)
Building an effective mobile testing strategy
This document discusses building an effective mobile testing strategy. It covers:
1. The growing mobile app market and the many Android and iOS device configurations that must be tested.
2. Approaches to mobile testing including emulators, in-house devices, and mobile cloud solutions. Emulators are free but lack realism, while in-house devices are realistic but expensive to maintain across many devices.
3. Choosing a mobile cloud solution offers advantages over emulators and in-house devices like cost, accessibility from anywhere, wide range of devices, and network coverage through infrastructure provided by cloud service providers.
IEEE Buenaventura cs Chapter March 9 2016 v4
Advanced Continuous Test Automation presentation given by Marc Hornbeek, Sr. Solutions Architect for Spirent at the IEEE meeting Buenaventura chapter March 9, 2016.
End-to-End Software testing services at Faststream technologies
Faststream Technologies, a leading software testing, and quality assurance outsourcing services provider offers customized testing services for all your software applications. Our team of qualified and experienced software testers can check your product on various parameters like applicability, functionality, security, and scalability, to ensure that it meets quality standards and your expectations.
Intland Software's codeBeamer User Conference - 7 Jul 2016 - Stuttgart, Germany
Intland Software's codeBeamer User Conference - 7 Jul 2016 - Stuttgart, GermanyIntland Software GmbH
Intland Software's presentation from its codeBeamer User Conference 2016, which took place on 7 Jul 2016 in Stuttgart, Germany.
http://intland.com/blog/pr/intland-softwares-codebeamer-user-conference-2016Automated Software Testion
Strategic System Internationally share the process through which they go through automated software testing.
The Quality Assurance Checklist for Progressive Testing
This document discusses quality assurance testing for progressive applications. It defines quality assurance as preventing defects through early testing. Progressive testing tests application modules incrementally in a top-down, bottom-up, or hybrid approach. A quality assurance checklist should include unit, regression, performance, security, and installation testing to validate the application and ensure long-term functionality. Comprehensive testing provides benefits like reduced costs, improved customer satisfaction, and increased profits.
EXTENT-2016: The Future of Software Testing
EXTENT-2016: Software Testing & Trading Technology Trends
22 June, 2016, 10 Paternoster Square, London
The Future of Software Testing
Ingo Philipp, Evangelist & Product Manager, Tricentis
Would like to know more?
Visit our website: extentconf.com
Follow us:
https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym
https://twitter.com/exactpro
#extent2016
#exactpro
ESS Software and Firmware
Resource Group provides software and firmware engineering services for safety-critical systems in industries like aerospace, rail, automotive and defense. They have over 20 years of experience meeting exacting requirements and standards like DO-178B/C, DO-278, IEC 61508. Their services include requirements, architecture, design, implementation, verification, validation, testing and certification consultancy. They also help clients address certification challenges for complex FPGA/PLD implementations.
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
Rex Black will present on opportunities for testers in agile methodologies. When done properly, agile processes provide many benefits to testing such as automated unit testing, static code analysis, continuous integration, and reasonable workloads. Testers should embrace these opportunities by gaining skills in programming and test automation. Maximizing the opportunities can increase software quality.
Managing Traceability in an Agile, Safety-critical Development Environment
Tracing requirements through test cases to released features is vital in the development of safety-critical end products and a key activity to help compliance with standards. Traceability helps ensure that all requirements are covered with features, and that there is no unnecessary code in the released product which could create risks. However, with the increasing adoption of less structured Agile methods, and the growing complexity of mission-critical development projects, ensuring traceability is a challenge.
Our webinar helps you to learn how to establish links between all work items across the lifecycle in complex, multi-tier safety-critical (embedded) software projects in an Agile environment. During the webinar, we cover the basics of traceability, why it's vital in mission-critical projects, and how it can be ensured even if your teams are working with Agile. Whether you're operating in the medical device, automotive, avionics, defense, or any other safety-critical sector, this webinar provides valuable practical knowledge on work item traceability.
Software Testing Services | Best software testing consulting companies
A centralized operational model for testing practices across the organization is a challenging mission for many companies We V2Soft provide software test consulting services in the areas of testing strategy, methodology, process and test competency assessment. We have an established TCoE within V2Soft that provides centralized testing services function across project teams.
For more details visit : https://www.v2soft.com/services/technology/testing-services
Shifting the conversation from active interception to proactive neutralization
When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective.
In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions.
Webinar recording: http://www.roguewave.com/events/on-demand-webinars/shifting-the-conversation-from-active-interception
Introducing: Klocwork Insight Pro | November 2009
The document introduces the Klocwork Insight Pro product, which provides static analysis and productivity tools for developers. It discusses how the product helps developers catch bugs early, automates refactoring, enables continuous analysis at desktops, and facilitates collaborative code reviews. Using the tools can help development teams improve quality, have cleaner builds, and release more secure products on time.
Spirent Accelerating SDN and NFV Deployments
ITEXPO 2016
Spirent: Accelerating SDN and NFV Deployments
Presenter: Malathi Malla, Spirent Communications
Webpage to reference: http://www.spirent.com/Solutions/SDN-NFV-Solutions
plan for penetration test
The document outlines the methodology, engagement plan, identification plan, and action plan for an ethical hacking penetration test. The methodology to be used is the Penetration Testing Execution Standard (PTES) which includes 7 phases from initial communication through vulnerability analysis, exploitation, post-exploitation, and reporting. The engagement plan details preparing tools, deciding timelines and locations, and providing daily updates and a final report. The identification plan is to test 350 workstations, 27 servers, 50 networking devices, and a Microsoft Azure platform. The action plan has three steps - preparation with tools, contracts and permissions; testing through reconnaissance, scanning, access, and analysis; and final reporting.
Software Testing Services
A quick overview of software testing services ScienceSoft provides to Healthcare, Telecommunication, Retail, Banking and other industries.
Deploy + Destroy Complete Test Environments
This presentation, given at STAREAST in May 2016, explains how Service Virtualization, Containers, and Cloud help organizations test applications on their own terms.
Spirent: The Internet of Things: The Expanded Security Perimeter
This document summarizes a presentation about security testing for Internet of Things (IoT) devices. It discusses how the proliferation of IoT devices has expanded the security perimeter and increased security concerns. Some key points made include that IoT devices are vulnerable to attacks due to weak security, lack of encryption, and inability to validate certificates. The document recommends testing practices for IoT security such as fuzz testing, security audits, blended volumetric attack testing, and quality of experience validation to identify vulnerabilities before customers are impacted.
Automated requirements based testing for ISO 26262
This document discusses automated requirements-based testing for ISO 26262. It describes the software verification phases in ISO 26262 and the methods for deriving test cases from requirements. Requirements-based testing involves generating tests from requirements to ensure requirements coverage and traceability. The document outlines a process for automated test generation, execution and traceability to provide evidence of testing according to ISO 26262 standards.
End to End Test of Network Management Software
Test cycle time was reduced by 40% | Quick Ramp-up of testing devices from 12 to 100
Web-based network management & control application that facilitates integration of network controller with various access points connected across the floor/ building. It enables connection of various wireless devices such as laptops, mobiles and tablets to the configured access points for seamless internet connectivity. Its mobile portal enables direct
configuration, test, deployment, tracking update and it also supports tailored services to all user segments. The application has cloud-based architecture, so it integrates with enterprise AAA, VPN and other systems and extends support to new network and device technologies as they emerge.
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
Without continuous testing there is no continuous delivery. Everyone in DevOps talks about continuous integration and continuous delivery but those are just two ends of the DevOps pipeline. In the middle of DevOpsis continuous testing (CT), and many organizations are struggling to implement continuous testing effectively. Lab-As-A- Service (LaaS) enhances CT with dynamic on-demand self-serve test topologies. CT together with LAAS make a powerful combination that perfectly serves complex software development and delivery pipelines.
Software Defined Networks (SDNs) turn the network into a flexible configurable system of software components and connections which is powerful but presents new complexities and challenges for network software development, delivery and deployments.
This talk explains how DevOps best practices for continuous testing when combined with LaaS are make an excellent combination to accelerate SDN realization and operations. The talk describes people, process and products required for SDN continuous testing and online self-service continuous lab and testing services.
AppsSec In a DevOps World
Application Security in a DevOps World: Three Methods for Shifting Left Operations has always resided clearly outside of development. Release candidates are tossed over the fence by development and operations was expected to “just make it work.” The same can be said about many other activities, including application security. This isn’t intended to be derision aimed at development—it’s just a feature of how processes have historically been demarcated.
But with the emergence of the DevOps movement, organizations are beginning to apply the “shift-left” principle associated with early testing toward other facets of application development. Security, which has been treated as something you can test into an application, should be built into an application according to DevOps principles.
In this presentation, we discuss how to get development and operations working together to build security into the application. We’ll outline three methods and discuss their merits and drawbacks:
• Penetration testing: This is the approach most commonly used.
• Hybrid testing: By applying flow (dynamic analysis) early in the process, you can that look for possible paths through the code that lead to security flaws.
• Preventative testing: By taking a standards-based approach and implementing a set of activities that target defects that lead to security vulnerabilities, you are able to get ahead of security issues that diminish the effectiveness of DevOps approaches.
Norse Live Attack Map http://map.ipviking.com/
8,000,000 sensors in 200 data centers in 50 countries – designed to look like everything
The top 5,000,000 worst IPs on the internet
"There are very rarely attacks against Canada, for whatever reason. I guess they're just too nice."
See also http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16447&view=map for DDOS live
EXTENT-2016: Managing QA for Complex Systems in Agile Development Framework
Alexey Zverev, CEO of Exactpro, presented on testing complex systems within agile development frameworks. The presentation outlined fundamental principles of QA management, including continuously learning about the system and improving test design through iterations. It then discussed common "anti-patterns" such as over-relying on requirements traceability matrices or test plans. Finally, it summarized Exactpro's principles, such as developing team knowledge, versus these anti-patterns.
How to Achieve Functional Safety in Safety-Citical Embedded Systems
Whether they operate in the medical, automotive, avionics, or any other field, developers of safety-critical embedded systems understand the importance of quality assurance, risk and process control, and artifact traceability. Current trends in these industries predict that the challenges of complexity brought about by IoT connectivity, smart system of systems products, and embedded software will become even greater. To tackle these challenges, developers have to come up with innovative strategies to ensure the functional safety and reliability of their products.
In this webinar, we focus on the tools, processes and techniques around requirements and testing that are considered vital to ensuring functional safety in embedded systems. Adequate requirements definition, requirements-based testing, risk management, and test coverage analysis are a few of the techniques that help achieve functional safety in the development of such systems. Our webinar helps you to learn more about ensuring the safety of your mission-critical end products.
Delivering Large Post-Trade Initiatives: Quality Assurance and Key Challenges
Difficulties in coping with functional complexity
experienced by the project team:
• Aligning tests correctly in batches that correspond to events in
the daily life cycle, including multiple days
• Accelerating the daily life cycle to speed up test execution and to cover
Settlement Failure processes in testing within a reasonable timeframe
• Accurately simulating and controlling test inputs from upstream systems
and outputs to downstream systems
• Management of complex Reference Data setup
• Involvement of complex components such as Risk Management
and Collateral Management systems
• Test cycle turnaround time, client certification and test automation
Keynote Speakers:
Alyona Lamash FRM Head of Risk Management Practice, Exactpro Systems
Mark Ryland Financial Markets Technology Consultant, Independent Consulting, United Kingdom
CCCAB tool - Making CABs life easy - Chapter 2
CCCAB (Common Criteria Conformity Assessment Body) Tool is a unique framework that will allow Common Criteria CABs to smooth the certification process for ICT products, reducing the cost and time required in each single certification process.
CCCAB will be developed to support NCCAs (National Cybersecurity Certification Authorities) when acting as CABs for level high and CABs (Conformity Assessment Bodies) for level substantial operating under the EUCC (Common Criteria based European candidate cybersecurity certification scheme) scheme. CCCAB has been selected by the European Commission under the Connecting Europe Facility (CEF) programme as a granted project. Two European NCCAs are also supporting CCCAB: CCN (Spain) and OCSI (Italy), reflecting the magnitude of the project. CCCAB will be released as an open source product and will be free to use allowing the community to improve the tool in the future. This tool was presented at last ICCC.
In this year presentation, we will be able to show the specifications that have been defined to interact with the tool. We will be able to present the current status of the development showing the first operational version of CCCAB. Finally, we will discuss the challenges to make the tool accessible widely.
Project P Open Workshop
The document summarizes a presentation on the Project P project for developing model compilers for safety critical systems. Some key points:
- Project P developed a generic framework and code generator called QGEN to generate code from models in languages like Simulink and Stateflow to languages like C and Ada.
- The framework and QGEN were qualified up to DO-178C level TQL1 to allow their use in safety critical systems.
- Case studies demonstrated the use of QGEN at companies like Thales Alenia Space to generate Ada code for a spacecraft attitude control system from Simulink models.
PeopleCert ExamShield Technical Details.pdf
This document provides an overview of PeopleCert ExamShield, which is PeopleCert's proprietary software for online proctored exams. It discusses PeopleCert and its quality management system, describes ExamShield features for secure exam delivery and preventing cheating, lists system requirements, and provides technical details on network endpoints and ports required.
More Related Content
What's hot
EXTENT-2016: The Future of Software Testing
EXTENT-2016: Software Testing & Trading Technology Trends
22 June, 2016, 10 Paternoster Square, London
The Future of Software Testing
Ingo Philipp, Evangelist & Product Manager, Tricentis
Would like to know more?
Visit our website: extentconf.com
Follow us:
https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym
https://twitter.com/exactpro
#extent2016
#exactpro
ESS Software and Firmware
Resource Group provides software and firmware engineering services for safety-critical systems in industries like aerospace, rail, automotive and defense. They have over 20 years of experience meeting exacting requirements and standards like DO-178B/C, DO-278, IEC 61508. Their services include requirements, architecture, design, implementation, verification, validation, testing and certification consultancy. They also help clients address certification challenges for complex FPGA/PLD implementations.
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
Rex Black will present on opportunities for testers in agile methodologies. When done properly, agile processes provide many benefits to testing such as automated unit testing, static code analysis, continuous integration, and reasonable workloads. Testers should embrace these opportunities by gaining skills in programming and test automation. Maximizing the opportunities can increase software quality.
Managing Traceability in an Agile, Safety-critical Development Environment
Tracing requirements through test cases to released features is vital in the development of safety-critical end products and a key activity to help compliance with standards. Traceability helps ensure that all requirements are covered with features, and that there is no unnecessary code in the released product which could create risks. However, with the increasing adoption of less structured Agile methods, and the growing complexity of mission-critical development projects, ensuring traceability is a challenge.
Our webinar helps you to learn how to establish links between all work items across the lifecycle in complex, multi-tier safety-critical (embedded) software projects in an Agile environment. During the webinar, we cover the basics of traceability, why it's vital in mission-critical projects, and how it can be ensured even if your teams are working with Agile. Whether you're operating in the medical device, automotive, avionics, defense, or any other safety-critical sector, this webinar provides valuable practical knowledge on work item traceability.
Software Testing Services | Best software testing consulting companies
A centralized operational model for testing practices across the organization is a challenging mission for many companies We V2Soft provide software test consulting services in the areas of testing strategy, methodology, process and test competency assessment. We have an established TCoE within V2Soft that provides centralized testing services function across project teams.
For more details visit : https://www.v2soft.com/services/technology/testing-services
Shifting the conversation from active interception to proactive neutralization
When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective.
In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions.
Webinar recording: http://www.roguewave.com/events/on-demand-webinars/shifting-the-conversation-from-active-interception
Introducing: Klocwork Insight Pro | November 2009
The document introduces the Klocwork Insight Pro product, which provides static analysis and productivity tools for developers. It discusses how the product helps developers catch bugs early, automates refactoring, enables continuous analysis at desktops, and facilitates collaborative code reviews. Using the tools can help development teams improve quality, have cleaner builds, and release more secure products on time.
Spirent Accelerating SDN and NFV Deployments
ITEXPO 2016
Spirent: Accelerating SDN and NFV Deployments
Presenter: Malathi Malla, Spirent Communications
Webpage to reference: http://www.spirent.com/Solutions/SDN-NFV-Solutions
plan for penetration test
The document outlines the methodology, engagement plan, identification plan, and action plan for an ethical hacking penetration test. The methodology to be used is the Penetration Testing Execution Standard (PTES) which includes 7 phases from initial communication through vulnerability analysis, exploitation, post-exploitation, and reporting. The engagement plan details preparing tools, deciding timelines and locations, and providing daily updates and a final report. The identification plan is to test 350 workstations, 27 servers, 50 networking devices, and a Microsoft Azure platform. The action plan has three steps - preparation with tools, contracts and permissions; testing through reconnaissance, scanning, access, and analysis; and final reporting.
Software Testing Services
A quick overview of software testing services ScienceSoft provides to Healthcare, Telecommunication, Retail, Banking and other industries.
Deploy + Destroy Complete Test Environments
This presentation, given at STAREAST in May 2016, explains how Service Virtualization, Containers, and Cloud help organizations test applications on their own terms.
Spirent: The Internet of Things: The Expanded Security Perimeter
This document summarizes a presentation about security testing for Internet of Things (IoT) devices. It discusses how the proliferation of IoT devices has expanded the security perimeter and increased security concerns. Some key points made include that IoT devices are vulnerable to attacks due to weak security, lack of encryption, and inability to validate certificates. The document recommends testing practices for IoT security such as fuzz testing, security audits, blended volumetric attack testing, and quality of experience validation to identify vulnerabilities before customers are impacted.
Automated requirements based testing for ISO 26262
This document discusses automated requirements-based testing for ISO 26262. It describes the software verification phases in ISO 26262 and the methods for deriving test cases from requirements. Requirements-based testing involves generating tests from requirements to ensure requirements coverage and traceability. The document outlines a process for automated test generation, execution and traceability to provide evidence of testing according to ISO 26262 standards.
End to End Test of Network Management Software
Test cycle time was reduced by 40% | Quick Ramp-up of testing devices from 12 to 100
Web-based network management & control application that facilitates integration of network controller with various access points connected across the floor/ building. It enables connection of various wireless devices such as laptops, mobiles and tablets to the configured access points for seamless internet connectivity. Its mobile portal enables direct
configuration, test, deployment, tracking update and it also supports tailored services to all user segments. The application has cloud-based architecture, so it integrates with enterprise AAA, VPN and other systems and extends support to new network and device technologies as they emerge.
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
Without continuous testing there is no continuous delivery. Everyone in DevOps talks about continuous integration and continuous delivery but those are just two ends of the DevOps pipeline. In the middle of DevOpsis continuous testing (CT), and many organizations are struggling to implement continuous testing effectively. Lab-As-A- Service (LaaS) enhances CT with dynamic on-demand self-serve test topologies. CT together with LAAS make a powerful combination that perfectly serves complex software development and delivery pipelines.
Software Defined Networks (SDNs) turn the network into a flexible configurable system of software components and connections which is powerful but presents new complexities and challenges for network software development, delivery and deployments.
This talk explains how DevOps best practices for continuous testing when combined with LaaS are make an excellent combination to accelerate SDN realization and operations. The talk describes people, process and products required for SDN continuous testing and online self-service continuous lab and testing services.
AppsSec In a DevOps World
Application Security in a DevOps World: Three Methods for Shifting Left Operations has always resided clearly outside of development. Release candidates are tossed over the fence by development and operations was expected to “just make it work.” The same can be said about many other activities, including application security. This isn’t intended to be derision aimed at development—it’s just a feature of how processes have historically been demarcated.
But with the emergence of the DevOps movement, organizations are beginning to apply the “shift-left” principle associated with early testing toward other facets of application development. Security, which has been treated as something you can test into an application, should be built into an application according to DevOps principles.
In this presentation, we discuss how to get development and operations working together to build security into the application. We’ll outline three methods and discuss their merits and drawbacks:
• Penetration testing: This is the approach most commonly used.
• Hybrid testing: By applying flow (dynamic analysis) early in the process, you can that look for possible paths through the code that lead to security flaws.
• Preventative testing: By taking a standards-based approach and implementing a set of activities that target defects that lead to security vulnerabilities, you are able to get ahead of security issues that diminish the effectiveness of DevOps approaches.
Norse Live Attack Map http://map.ipviking.com/
8,000,000 sensors in 200 data centers in 50 countries – designed to look like everything
The top 5,000,000 worst IPs on the internet
"There are very rarely attacks against Canada, for whatever reason. I guess they're just too nice."
See also http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16447&view=map for DDOS live
EXTENT-2016: Managing QA for Complex Systems in Agile Development Framework
Alexey Zverev, CEO of Exactpro, presented on testing complex systems within agile development frameworks. The presentation outlined fundamental principles of QA management, including continuously learning about the system and improving test design through iterations. It then discussed common "anti-patterns" such as over-relying on requirements traceability matrices or test plans. Finally, it summarized Exactpro's principles, such as developing team knowledge, versus these anti-patterns.
How to Achieve Functional Safety in Safety-Citical Embedded Systems
Whether they operate in the medical, automotive, avionics, or any other field, developers of safety-critical embedded systems understand the importance of quality assurance, risk and process control, and artifact traceability. Current trends in these industries predict that the challenges of complexity brought about by IoT connectivity, smart system of systems products, and embedded software will become even greater. To tackle these challenges, developers have to come up with innovative strategies to ensure the functional safety and reliability of their products.
In this webinar, we focus on the tools, processes and techniques around requirements and testing that are considered vital to ensuring functional safety in embedded systems. Adequate requirements definition, requirements-based testing, risk management, and test coverage analysis are a few of the techniques that help achieve functional safety in the development of such systems. Our webinar helps you to learn more about ensuring the safety of your mission-critical end products.
Delivering Large Post-Trade Initiatives: Quality Assurance and Key Challenges
Difficulties in coping with functional complexity
experienced by the project team:
• Aligning tests correctly in batches that correspond to events in
the daily life cycle, including multiple days
• Accelerating the daily life cycle to speed up test execution and to cover
Settlement Failure processes in testing within a reasonable timeframe
• Accurately simulating and controlling test inputs from upstream systems
and outputs to downstream systems
• Management of complex Reference Data setup
• Involvement of complex components such as Risk Management
and Collateral Management systems
• Test cycle turnaround time, client certification and test automation
Keynote Speakers:
Alyona Lamash FRM Head of Risk Management Practice, Exactpro Systems
Mark Ryland Financial Markets Technology Consultant, Independent Consulting, United Kingdom
What's hot (19)
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development Environment
Software Testing Services | Best software testing consulting companies
Software Testing Services | Best software testing consulting companies
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter
Automated requirements based testing for ISO 26262
Automated requirements based testing for ISO 26262
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
EXTENT-2016: Managing QA for Complex Systems in Agile Development Framework
EXTENT-2016: Managing QA for Complex Systems in Agile Development Framework
How to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded Systems
Delivering Large Post-Trade Initiatives: Quality Assurance and Key Challenges
Delivering Large Post-Trade Initiatives: Quality Assurance and Key Challenges
Similar to CCCAB - Making CABs life easy
CCCAB tool - Making CABs life easy - Chapter 2
CCCAB (Common Criteria Conformity Assessment Body) Tool is a unique framework that will allow Common Criteria CABs to smooth the certification process for ICT products, reducing the cost and time required in each single certification process.
CCCAB will be developed to support NCCAs (National Cybersecurity Certification Authorities) when acting as CABs for level high and CABs (Conformity Assessment Bodies) for level substantial operating under the EUCC (Common Criteria based European candidate cybersecurity certification scheme) scheme. CCCAB has been selected by the European Commission under the Connecting Europe Facility (CEF) programme as a granted project. Two European NCCAs are also supporting CCCAB: CCN (Spain) and OCSI (Italy), reflecting the magnitude of the project. CCCAB will be released as an open source product and will be free to use allowing the community to improve the tool in the future. This tool was presented at last ICCC.
In this year presentation, we will be able to show the specifications that have been defined to interact with the tool. We will be able to present the current status of the development showing the first operational version of CCCAB. Finally, we will discuss the challenges to make the tool accessible widely.
Project P Open Workshop
The document summarizes a presentation on the Project P project for developing model compilers for safety critical systems. Some key points:
- Project P developed a generic framework and code generator called QGEN to generate code from models in languages like Simulink and Stateflow to languages like C and Ada.
- The framework and QGEN were qualified up to DO-178C level TQL1 to allow their use in safety critical systems.
- Case studies demonstrated the use of QGEN at companies like Thales Alenia Space to generate Ada code for a spacecraft attitude control system from Simulink models.
PeopleCert ExamShield Technical Details.pdf
This document provides an overview of PeopleCert ExamShield, which is PeopleCert's proprietary software for online proctored exams. It discusses PeopleCert and its quality management system, describes ExamShield features for secure exam delivery and preventing cheating, lists system requirements, and provides technical details on network endpoints and ports required.
Automating Common Criteria
This document discusses José Ruiz and his experience with Common Criteria and FIPS certification standards. It then summarizes the need for automation tools to streamline the certification process, addressing issues like a lack of engineers and high paperwork demands. Specific tools are mentioned, including NIAP's tool for automating security targets and CCToolbox, which the document's author developed. CCToolbox aims to simplify and automate documentation, evaluation activities, and the overall certification workflow. Benefits discussed include reduced time and costs for manufacturers and laboratories.
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPT
The million-dollar question for every QA lead, project manager, or even a tech lead of any #OEM: “How to reduce TCO and increase RoI? What are the best approaches to make my #testautomation more effective and efficient?”
We covered the above questions in our focused #webinar on test automation titled “Managing Your RoI & TCO in Automation Testing” on 29th July 2021, 4:00 PM – 5:00 PM Indian Time.
Utthunga’s very own #testautomationexperts Mr. Ravi Kumar N G and Mr. Nandan HA were the presenters and guided attendees with various ways to calculate and improve your RoI and #TCO.
In the 60 minutes of the webinar, the speakers discussed on below points:
1. How to enhance RoI with a good test #automation strategy
2. Learn how to calculate and improve TCO
3. Best practices to improve #ROI and TCO
You can view the webinar recording by clicking on the link https://youtu.be/qAHAFPmc3HM
Please feel free to share these links with your colleagues who may be interested.
If you have any queries or require more information regarding the topic or wish to know more about Utthunga you can mail us at contact@utthunga.com or visit our website https://utthunga.com/
© 2021 Utthunga
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Content presented as part of Cisco Live 2015 in San Diego
Why DevOps and what it means to be a DevOps-Enabled Organization?
Recommendations on Toolchain, Metrics framework, best practices and tips to help you embark on your IT Organization on DevOps journey
Ensuring Successful OPNFV-based NFV Deployments | QualiTest Group
QualiTest hosts a webinar: Ensuring Successful OPNFV-based NFV Deployments
QualiTest and QualiSystems team up to bring you an overview of OPNFV-based NFV Deployments. We'll discuss the fundamentals and capability of the carrier-grade, integrated platform. We'll cover just how to anticipate NFV testing challenges and explore the solutions.
Hosted by:
Hans Ashhlock - QualiSystems
Benny Sand - QualiTest Group
Hosted on: November 3rd, 2015
QualiTest is the world’s second largest pure play software testing and QA company. Testing and QA is all that we do! visit us at: www.QualiTestGroup.com
Navaneethan Balakrishnan_Resume
- The document provides a summary of Navaneethan Balakrishnan's work experience as a QA - ETL Test Lead including 8 years of experience in software testing across various domains like investments, insurance, and healthcare. Some of the tools and technologies he has experience with include Quick Test Pro, Quality Center, SQL, VB Script, and mainframe technologies. The summary highlights his role as an offshore and onsite test lead managing teams of up to 18 people.
Common Criteria service overview for Developers - jtsec a CC consultancy company
We can help you to pass a Common Criteria evaluation, we know the tips & the tricks and can help you to save a lot of money. Obtain a Common Criteria Certification assisted by our experts.
SyCAS Brochure
The document discusses SyCAS, a graphical system developed by Vega Systems for conformity assessment of complex products and systems. SyCAS allows for the development of assessment schemas for any product/system standard, and can then be used repeatedly for certification without requiring the original experts each time. It provides benefits like structured and consistent assessment processes, feedback on deficiencies, and savings from reduced risks and more efficient approval. Vega Systems offers training and long-term support packages to help clients implement and effectively use SyCAS within their organization.
LFN Dev and Testing Forum 2022 CNF Certification Tutorial
This document discusses the Cloud Native Network Function (CNF) Certification Program, which provides confidence to Communication Service Providers that network functions from vendors demonstrate cloud native best practices. It outlines the steps to earn "Certified CNF" status, including running certification tests using the CNF Test Suite to test configurations for security, microservices, reliability and other areas. Certification is free for CNCF members and non-profits. The document also provides resources for learning more or getting help with the certification process.
New ThousandEyes Product Features and Release Highlights: March 2024
ThousandEyes has released several new features and enhancements in February 2024, including a new API monitoring test type, platform innovations like dashboard filters, and improvements to endpoint monitoring. The presentation provides demonstrations of the new API test type, AWS API Gateway recommendations, Cisco Secure Access experience insights integration, enhanced endpoint test creation workflow, and event detection capabilities.
Navaneethan Balakrishnan_Resume
- The document provides a summary of Navaneethan Balakrishnan's work experience as an ETL/DB Test Lead, including over 8 years of experience in software testing across various domains like investments, insurance, and healthcare. Some of the tools and technologies he has experience with include Quick Test Pro, Quality Center, SQL, VB Script, and mainframe technologies. The summary highlights his technical skills and certifications.
Quick wins in the NetOps Journey by Vincent Boon, Opengear
A high level overview on how Network Operations within an Organization can adopt automation within their daily work.
Improved Go to Market Time & Reduced Operational Cost
The client, an online banking organization, wanted to revamp its product portfolio and introduce new services. It needed to test new applications before launch to ensure secure services. However, the client faced challenges performing all required testing. ITC Infotech implemented a collaborative testing model through a dedicated Testing Center of Excellence (TCoE). The TCoE helped improve testing efficiency, reduce costs, and accelerate new product launches through automated testing and optimized processes. This allowed the client to expand its offerings while maintaining high service quality.
Automatied Testing QA
"Automated testing is a technology that can radically alter the economics of software development. Investment in this technology can enable you to provide better software quality, both more rapidly and at a lower cost."
Automated QA/Testing using WorkSoft certify. Find out how to move quickly from manual to automated testing. The ROI and benefits as well.
Service Virtualization: What, Who, When, and How
Service virtualization provides many benefits for both development and test teams. For testers, service virtualization empowers them to work in parallel with their development counterparts and take control of their own schedules. They no longer have to wait for development to complete their work or to get access to a restricted system such as a mainframe or a third party API. Test teams can get the basic details from dev and/or use a sample request and response pair to create a virtual service themselves. With no need to wait on others to start testing, testing can start at iteration one freeing up more time for exploratory, integration, and performance testing. With service virtualization, developers spend less time creating mocks and stubs, and more time developing and completing unit tests. The virtual services they create can be shared for additional testing, ultimately saving everybody time and effort. Join Kenneth Merkel and take the first step in adopting virtual services by learning more about what you can virtualize, how the services get created, common use cases, and adoption benefits.
From Continuous to Autonomous Testing with AI
Continuous testing, or DevOps embedded with QA, helps organizations keep pace with market dynamics. Artificial intelligence can augment testing to be autonomous and zero touch.
Resume
Nandeesha BK has over 8 years of experience in SOA middleware automation, software development, and testing. He has expertise in virtualizing business systems using tools like CA LISA DevTest and designing automation scripts. Currently he works as a Principal Software Engineer at Tesco Hindustan Service Center where he is involved in projects like Customer Instore Picking and Club Card, focusing on test automation, virtualization, and quality assurance. He has also previously consulted for projects at HCL Technologies and Unosoft Technologies in areas like middleware testing, integration testing, and test automation.
Improve Developer Experience with Developer Portal
This document discusses improving developer experience through a developer portal. It outlines some common developer pain points such as lack of standardization and visibility. A developer portal can help address these issues by providing easy access to services, standardized configurations, and visibility into operations. The document then introduces SCB TechX's Self-Service Portal, which aims to enable product teams to quickly ship code securely through automation and best practices for operations and security.
Similar to CCCAB - Making CABs life easy (20)
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPT
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPT
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Ensuring Successful OPNFV-based NFV Deployments | QualiTest Group
Ensuring Successful OPNFV-based NFV Deployments | QualiTest Group
Common Criteria service overview for Developers - jtsec a CC consultancy company
Common Criteria service overview for Developers - jtsec a CC consultancy company
LFN Dev and Testing Forum 2022 CNF Certification Tutorial
LFN Dev and Testing Forum 2022 CNF Certification Tutorial
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Improved Go to Market Time & Reduced Operational Cost
Improved Go to Market Time & Reduced Operational Cost
Improve Developer Experience with Developer Portal
Improve Developer Experience with Developer Portal
More from Javier Tallón
Evolucionando la evaluación criptográfica - Episodio II
A ningún fabricante le es ajeno que los requisitos criptográficos a la hora de desarrollar cualquier producto son cada vez mayores. Por ello, CCN ha desarrollado, con el soporte de jtsec, una metodología que incluye pruebas de conformidad, búsqueda de errores comunes en las implementaciones y requisitos de implementación de las primitivas criptográficas aplicados a la metodología LINCE. En esta charla explicaremos las principales novedades introducidas en la Metodología de Evaluación de Mecanismos Criptográficos presentada el año pasado, así como la definición de la nueva Metodología de Evaluación Criptográfica conforme a la CCN STIC-130.
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
En la actualidad existe un gran número de soluciones biométricas en el mercado, que se aplican cada vez más en sectores clave como la banca, la administración pública y los seguros.
El Ministerio de Asuntos Económicos y Transformación Digital publicó la primera orden ministerial, en el BOE núm. 115, de 14 de mayo de 2021, que regula los métodos de videoidentificación a distancia para la emisión de certificados electrónicos reconocidos. A raíz de esta legislación, el CCN, desarrolló un módulo de evaluación biométrica (MEB), que permite la evaluación de soluciones biométricas tanto para la metodología LINCE como para Common Criteria siguiendo la guía IT-014.
Durante la charla se explica cómo se aplica la guía IT-014 y los diferentes tipos de ataques de presentación que contempla; impostor, mediante vídeos, mediante máscaras, mediante herramientas deepfake, etc.
La charla es eminentemente técnica y mostrará ejemplos de ataques reales ejecutados durante las evaluaciones.
jtsec, con su experiencia en las primeras evaluaciones de soluciones biométricas, ofrecerá una visión general de cómo se han llevado a cabo dichas evaluaciones y los tipos de ataques más difíciles de mitigar para los proveedores.
La charla describe las particularidades de las evaluaciones en la nube tanto a nivel técnico como en el proceso. Además, pone de relieve los esfuerzos realizados a nivel nacional para que se puedan evaluar este tipo de soluciones.
ICCC2023 Statistics Report, has Common Criteria reached its peak?
As is customary in the last editions of ICCC, the statistics related to Common Criteria provide significant market data. This year, stable data is presented. Data collection is done using CC Scraper, a tool developed by jtsec that automatically analyzes information from the CC and CBs portals using OCR capabilities and other features. Would you like to know the data for the first three quarters of 2023 and the evolution in recent years in terms of the number of certifications? Other data will also be disclosed, such as top labs and vendors, most used assurance levels, or most used protection profiles. This presentation showcases Common Criteria’s data in a year when the market has stabilized after several years of political and health instability.
ICCC23 -The new cryptographic evaluation methodology created by CCN
The use of cryptographic primitives to safeguard sensitive information in hardware, software, and firmware products is witnessing widespread adoption. Recognizing the increasing cryptographic requirements, CCN (Certification Body for National Cryptology) has developed a methodology in collaboration with jtsec. This methodology encompasses conformance testing, identification of common implementation pitfalls, and implementation requirements for cryptographic primitives.
The primary objective of this cryptographic methodology is to establish a standardized framework for conducting cryptographic evaluations of Target of Evaluations (TOEs). These evaluations aim to obtain Common Criteria certificates and other certifications. The methodology specifically targets products in which cryptographic mechanisms form a crucial part of their core functionality, such as VPNs, HSMs, ciphers, communication apps, and more.
During the talk, the speakers will introduce the new approach to evaluate cryptography in Spain, following the jointly created methodology by CCN and jtsec. They will also demonstrate a tool designed to verify the compliance of cryptographic primitives. This presentation will be particularly beneficial for product developers, as they will learn about the requirements that will be demanded in Spain going forward. It will also be of interest to other Certification Bodies (CBs) who may find this methodology and tool valuable in their own evaluations.
Experiences evaluating cloud services and products
The market for IT products is constantly evolving. More and more vendors are developing products and services deployed only in the cloud (Cloud Native). This implies a paradigm shift in the way assessments are carried out, in the methodology to be followed and in the tests to be performed.
Today, it is NOT possible to use Common Criteria to evaluate cloud services, despite many administrations are migrating to cloud solutions.
This talk will not talk about Cloud programs such as FedRamp, ENS, C5, SecNumCloud or ENISA EUCS scheme. All these schemes, evaluate the clod infrastructure and the controls specified in the respective standards.
But in those standards, we cannot find assurance requirements related to the product/service itself. e.g. If your WAF (Web Application Firewall) is cloud native and deployed in the cloud, you could obtain those cloud certifications but it would be NOT possible to obtain a CC certification using NIAP PPs.
To solve this problematic, a practical approach has been followed in Spain, evaluating the cloud services using the LINCE methodology but obtaining a qualification mark (instead of a certification). Several vendors such as AWS, Google or Microsoft have already undergone this kind of processes.
In this talk, we want to show jtsec’s hands-on experience evaluating cloud services and discuss the main issues that have been faced and the solutions that have been found (TOE definition, Test environment, TOE identification, permission to test, etc…).
We would like also to discuss how the experience obtained using the LINCE methodology could be extrapolated (or NOT) to the CC World.
TAICS - Cybersecurity Certification for European Market.pptx
Taiwan Association of Information and Communication Standards (TAICS) organized a private event aimed mainly at Taiwanese developers and manufacturers who intend to integrate their products into the European market.
Due to the amount of existing cybersecurity legislation and methodologies in Europe, TAICS offered a webinar to clarify certain doubts, mainly regarding legal milestones and mandatory compliance when including an IT product in the European market.
La ventaja de implementar una solución de ciberseguridad certificada por el C...
El documento introduce el Centro Criptológico Nacional (CCN) y el Esquema Nacional de Seguridad (ENS), y explica que el CCN-STIC 105 Catálogo de Productos y Servicios de Seguridad de las Tecnologías de la Información y la Comunicación (CPSTIC) ofrece un listado de productos con garantías de seguridad contrastadas por el CCN. También describe los procesos de certificación LINCE y Common Criteria para incluir productos en el catálogo, y los beneficios que esto conlleva para las organizaciones.
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
The draft of the URWP (Union Rolling Work Programme) of the European commission suggests a European Crypto Scheme as one of the potential schemes to be created under the CSA. The use of cryptographic modules to protect sensitive information in hardware, software and firmware products is becoming increasingly widespread. Until now, there has been a reference methodology for cryptographic evaluation at international level, FIPS 140-3. Nonetheless, at the SOG-IS level, there have been efforts to harmonize evaluations in Europe. The publication of the SOGIS Agreed Cryptographic Mechanisms or the SOGIS Harmonised cryptographic Evaluation Procedures show the efforts conducted in Europe during the last years. However, the pandemic situation has slowed down the progress. This talk will present the new approach to evaluate cryptography in Spain according to the methodology created jointly by CCN (Spanish CB) and jtsec, which could serve as a base for a potential European scheme. In addition, this talk will show the tool created to verify the conformance of cryptographic primitives.
This presentation will be especially useful for schemes and government entities to check if the approach could fit their needs.
Hacking your jeta.pdf
Seguro que has visto cómo cada vez más sectores como la banca o los seguros permiten abrir cuentas legalmente vinculadas sin la intervención (a priori) de un operador humano gracias a procesos de videoidentificación, pero, ¿te has preguntado qué tan seguros son?
El Ministerio de Asuntos Económicos y Transformación Digital, en el BOE núm. 115, de 14 de mayo de 2021 y con motivo de la emergencia sanitaria generada por la crisis de la COVID-19, regulaba los métodos de identificación remota por vídeo para la expedición de certificados electrónicos cualificados, lo que obliga a los prestadores de este tipo de servicios a validar sus soluciones en los términos que establece el anexo F11 de la Guía CCN-STIC-140, del Centro Criptológico Nacional.
Dicho anexo requiere que un laboratorio acreditado realice ataques de presentación a este tipo de soluciones para verificar su resistencia a técnicas como máscaras hiperrealistas, deepfake o contouring. Durante esta charla ahondaremos en los detalles técnicos de dichos ataques, y te contaremos cómo hemos conseguido inyectar vídeo en muchas de estas soluciones.
Evolucionado la evaluación Criptográfica
El uso de módulos criptográficos para proteger información sensible en productos hardware, software y firmware es cada vez más extendido. Por ello CCN, desarrolló en su Guía de Seguridad de las TIC CCN-STIC 2002 un Módulo de Evaluación Criptográfico (MEC) que se aplica a diferentes soluciones que implementan algoritmos criptográficos. Este módulo sirve de referencia en numerosas evaluaciones bajo la metodología LINCE en las que se aplica de forma adicional.
Debido al aumento cada vez mayor de requisitos criptográficos, CCN ha desarrollado, con el soporte de jtsec, una metodología que incluye pruebas de conformidad, búsqueda de errores comunes en las implementaciones y requisitos de implementación de las primitivas criptográficas.
El objetivo de la metodología criptográfica es el de establecer un marco común para llevar a cabo las evaluaciones criptográficas de los TOEs que van a ser evaluados para la obtención de un certificado Common Criteria, LINCE con validación criptográfica o STIC con validación Criptográfica.
En esta charla se presentará la nueva aproximación para evaluar la criptografía en España según la metodología creada conjuntamente por CCN y jtsec. Además, mostraremos la herramienta creada para verificar la conformidad de las primitivas criptográficas. Esta ponencia será especialmente útil para los desarrolladores de productos que conocerán los requisitos que se pedirán a partir de ahora.
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
El desarrollo de productos creados directamente en la nube (cloud nativo) es una práctica cada vez más extendida en la industria. La administración española no escapa a esa tendencia y es cada vez más habitual las migraciones a la nube. El despliegue y gestionado se realiza en la nube y normalmente son desarrollos en constante evolución, permitiendo a los fabricantes más flexibilidad para la continua mejora de sus productos.
Ante el continuo incremento de productos desarrollados en la nube, en febrero de 2020, el CCN publicaba el Anexo G de la “Guía de Seguridad de las TIC CCN-STIC 140” para la Taxonomía de productos de STIC - Servicios en la nube, donde se reflejan los Requisitos Fundamentales de Seguridad (RFS) para este tipo de servicios, considerándose requisitos adicionales que complementan a los requisitos definidos para cada una de las familias de productos. Una guía pionera a nivel internacional para la evaluación de servicios cloud, por lo que cabe destacar que España es el primer país en crear una metodología de evaluación para este tipo de servicios. Normalmente las evaluaciones en la nube, se centran en la gestión e infraestructura del servicio/producto dejando de lado la funcionalidad de seguridad implementada por el mismo.
En las evaluaciones de ciberseguridad, existe la particularidad de que estos servicios/productos no pueden ser completamente controlados/instalados en el laboratorio a la hora de realizar la evaluación, por lo que no se puede certificar usando las metodologías LINCE o Common Criteria. Este problema existe a nivel internacional.
Para solventar esta casuística, CCN diseño una estrategia de evaluación de servicios en la nube mediante evaluaciones STIC complementarias haciendo uso de la metodología LINCE.
Esta vía ha permitido la cualificación en el catálogo CPSTIC / CCN-STIC 105 de servicios en la nube. A día de hoy, hay 6 servicios en la nube incluidos en el catálogo CPSTIC. Todos ellos han sido evaluados por jtsec.
En jtsec nos hemos tenido que adaptar tecnológicamente para afrontar este tipo de evaluaciones, puesto que alrededor del 70% de evaluaciones iniciadas en 2022 por jtsec corresponden a servicios en la nube.
La charla describirá las particularidades de las evaluaciones en la nube tanto a nivel técnico como en el proceso. Además, pondrá de relieve los esfuerzos realizados a nivel nacional para que se puedan evaluar este tipo de soluciones.
EUCA 22 - Let's harmonize labs competence ISO 19896
Harmonization on the competence of the different labs/evaluators have been always a topic for discussion in the Cybersecurity Certification community.
At ISO level, a new standard has been approved aiming to support this goal: ISO 19896.
ISO/IEC 19896 orders the requirements for information security testers and evaluators, including a set of concepts and relationships to understand the competency for individuals performing Common Criteria evaluations.
The requirements of this new ISO standard allows verifying that laboratories and personnel have sufficient capacity to handle a Common Criteria evaluation. However, there are some controversial points regarding this ISOs and how to apply it in Common Criteria, which will be explained during the talk.
Other topics to be addressed during the talk will be how EUCC, the first European cybersecurity scheme for ICT products, will cover the requirements of this ISO and other related standards.
EUCA22 Panel Discussion: Differences between lightweight certification schemes
As we all know, Europe is one of the leading players in the world in terms of cybersecurity certification. The main European countries issuing certifications, such as France, the Netherlands, Germany and Spain, have created their own lightweight/Fixed-time methodologies (CPSN, BSPA, BSZ and LINCE). All of them with many similarities, but also with quite a few national differences within them. This panel discussion will open the discussion among the relevant stakeholders for European recognition of these schemes. The panel will also discuss on the future European fixed-time methodology lead by JTC13 WG3, called FITCEM, which aims to unify all European schemes into a single one. The panel will discuss the potential impact that FITCEM will have both technically and in terms of the European market to the different stakeholders (manufacturers, laboratories, certification bodies, institutional agencies, etc.).
EUCA22 - Patch Management ISO_IEC 15408 & 18045
Common Criteria is the most used international standard for cybersecurity certification for ICT products. CC has lights and shadows and for most of the stakeholders the main drawback might be the assurance continuity process. The application of CC for re-certifications of updates or security-patched products is very slow and not adapted to the time to market of new versions of products. EUCC includes patch management as an activity that may be assessed as part of the evaluation process. ISO SC27 WG3 have been working hard in the last years to prepare the technical specification that could be used to evaluate the TOE’s patching functionality and the developer’s patch management by adding new modules that can be integrated into PPs and STs. This talk will explain the current status and news of the ISO Technical Specification, and explain how it address the patch management problem taking into account the Cyber Security Act requirements. The speakers will be Javier Tallon and Sebastian Fritsch, co-editors of the ISO/IEC TS 9565.
Cross standard and scheme composition - A needed cornerstone for the European...
The proliferation of new cybersecurity standards/schemes shows the interest of all the stakeholders to require cybersecurity for ICT products. On the other hand, a need for harmonization/recognition between standards/schemes is needed. Otherwise, there could be too many standards that become non-cost-effective for developers certifying their products.
For instance, almost every IoT vertical has its own set of cybersecurity standards. But IoT devices and it’s supply chain is not limited within a single vertical. In fact the contrary holds, that building blocks of an IoT device find appliance in a couple of other verticals. Assuming that these building blocks demonstrated cybersecurity compliance of some form, say for a particular vertical, it will be key for the economy to not repeat those proofs of compliance but instead accept across standards and schemes where applicable.
This talk will highlight the importance of the acceptance of certification and standard compliance results across different schemes or security standards. We will show examples (e.g., smart metering in France with de-facto acceptance of underlying CC results, SESIP to IEC62443-4-2) where this has been applied successfully, but will also look at existing standards or schemes where this would be possible (e.g. EUCC, FITCEM, etc‚) or proposals on how to apply this for Industrial IoT (IACS ERNCIP recommendations to the EU commission).
The talk will be given from the developer perspective (Georg Stütz from NXP) and lab perspective (Jose Ruiz from jtsec)
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
Incluir productos y servicios en el catálogo de ciberseguridad de referencia para la Administración Pública no resulta sencillo.
Se ha de superar una evaluación LINCE o Common Criteria para poder acceder a dicho catálogo.
En el catálogo CPSTIC se pueden incluir tanto para soluciones on premise como en la nube, siendo una gran ventaja para aquellos desarrolladores cloud native.
En esta presentación explicamos las diferentes maneras de incluir una solución en el catálogo CPSTIC, así como los pasos a seguir.
Is Automation Necessary for the CC Survival?
The use of different automation tools in Common Criteria is a reality. In recent years, it has been demonstrated that the capacity to take on a large number of Common Criteria evaluations, both by laboratories and by the Certification Bodies, is limited. The automation of certain processes through the use of tools created specifically for this purpose is seen as the only possible way to speed up the process, both in terms of time and workload. How will the use of tools affect the immediate future of the different stakeholders in Common Criteria? Will automation lead to an increase in the number of certifications and the possibility that more companies will be able to become certified?
2022 CC Statistics report: will this year beat last year's record number of c...
CC Scraper is a tool developed by jtsec 5 years ago that that analyses automatically the information from the CC and CBs portals using OCR capabilities and other features. Including detailed insights about Common Criteria like certification per assurance level, trends by Protection Profile, ranking of manufacturer, among others. We have published free annually reports regarding. In last year’s edition, we presented the statistics for 2021, the year with the most Common Criteria certifications in history. Would you like to know the data of the first three quarters of 2022? Will this year beat last year’s record number of certifications? Which labs and vendors will be in the top?
This presentation will show Common Criteria’s data in a year that has taken place against a context of global uncertainty and instability.
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
Artículo publicado en la edición nº 148 de la Revista SIC, donde presentamos la herramientas que estamos desarrollando, pionera en el mercado.
CCCAB es un proyecto financiado por la Comisión Europea en el marco del programa Connecting Europe Faciclity (CEF), que permite ahorrar tiempo y esfuerzo a los CABs (Certification Assessments Bodies), aligerando su carga de trabajo para optimizar la fase de certificación.
jtsec Arqus Alliance presentation
The document discusses cybersecurity certification standards. It provides a brief history of early certification standards from the 1980s to the present Common Criteria standard. It notes that certification involves an accredited third party audit against a standard to issue a conformity certificate. Successful standards are cost-effective, provide value, and have properties like those in the Kama Sutra. The document also introduces the jtsec cybersecurity company, describing their evaluation, consultancy, and development teams and some of their projects involving major tech companies.
More from Javier Tallón (20)
Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio II
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCN
Experiences evaluating cloud services and products
Experiences evaluating cloud services and products
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptx
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemes
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
Recently uploaded
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Digital Marketing Trends in 2024 | Guide for Staying Ahead
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Best 20 SEO Techniques To Improve Website Visibility In SERP
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
OpenID AuthZEN Interop Read Out - Authorization
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Webinar: Designing a schema for a Data Warehouse
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
Recently uploaded (20)
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
CCCAB - Making CABs life easy
- 3. ❑ Automate everything! ❑ Less time to obtain the certificate ❑ Lower economic cost for everyone ❑ Meet the market expectations ❑ Increased number of Common Criteria certifications ❑ Fast pace in the evolution of IT ❑ Lack of talent Why automation tools for Common Criteria?
- 4. ❑ The CSA brings a new paradigm ❑ Regulation (EC) No 765/2008: ‘conformity assessment body’ shall mean a body that performs conformity assessment activities including calibration, testing, certification and inspection; ❑ EUCC v1.1.1 further refines this concept: ❑ CAB = CB + ITSEF ❑ CB: issues certificate ❑ ITSEF: calibrates / tests / samples CSA & EUCC Context
- 5. ❑ CCCAB is co-financed by the Connecting Europe Facility of the European Union. ❑ ISCOM (OSCI), CCN (OC-CCN) and jtsec Brief & Stakeholders
- 7. ❑ Improve current schemes capabilities to support the high assurance certifications defined in the EUCC ❑ Build up CAB capabilities for newcomers and for private CABs that will operate under the EUCC for level substantial ❑ Share good practices between CABs for high and support peer reviews by sharing the same tool ❑ Enhance the communication flow with ENISA, ITSEFs, manufacturers… ❑ Allow focus on validation of the reports Objectives
- 8. ❑ CCCAB provides a framework to manage EUCC certifications smoothing the process and saving around 25% of the certification effort for existing CABs. ❑ CCCAB will ease the creation of EUCC CABs around Europe given that it will be very easy to deploy the required IT system to manage a CAB. ❑ CCCAB will be a free open-source tool that could be potentially adapted to be used in other future schemes. Therefore, it could be a key factor for a successful adoption of the EU Cybersecurity Certification framework. Why is CCCAB needed?
- 9. For documentation generation For evaluation For certification CCCAB as a part of a framework Consultants/Manufacturers ITSEFs CBs Evaluation evidence ETR
- 11. Features
- 12. ❑ Project Management: CCCAB will allow you to have a global view of all projects in progress, helping in the overall management of the project. ❑ Simple installation: Can be used from anywhere without the need to install any software. Online and offline. ❑ Web Edition, docx/pdf Output: CCCAB will allow the generation in DOCX or PDF format. Features Document Generator
- 13. ❑ Presentation engine ❑ Access control (I&A, 2FA, …) and authorization subsystem (PGP, PAdES, XAdES) ❑ Evidence and versioning subsystem ❑ CC Analysis Engine & Expert tips ❑ ITSEF non-conformities subsystem Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 Non - Conformities Evidences & Versioning
- 14. ❑ Smart Validation System ❑ ITSEF communications parser ❑ Manufacturers communications parser ❑ Automagic filling Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 ITSEF Comm. Manufact. Comm. Non - Conformities Evidences & Versioning ITSEFs Manufacturers
- 15. ❑ Adaptation to the EUCC ❑ Communications with ENISA website ❑ Compliance System ❑ Vulnerability Inbox ❑ Vulnerability Monitoring Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 Non - Conformities Evidences & Versioning Vulnerability inbox
- 16. Action plan CCCAB Specification • Analysis of current tools used by CBs • Information flows identification • Information Exchange languages specification Validation Framework • Access Control and PM system • Interface development • Evidence management • Report printing • NCs Management • Version Management Smart Validation System • ITSEF Communications parser • Manufacturer communications parser • Autofill • Expert tips Adaptation to the EUCC scheme • Communication module with ENISA website • Compliance Monitoring System and non- compliance handling Validation • Full Project using CCCAB • Guidance development • Final version release
- 17. jtsec Beyond IT Security Granada & Madrid – Spain hello@jtsec.es @jtsecES www.jtsec.es Contact “Any fool can make something complicated. It takes a genius to make it simple.” Woody Guthrie