12 August 1998
Source: http://www.access.gpo.gov/su_docs/aces/aaces002.html

-------------------------------------------------------------------------

[Federal Register: August 12, 1998 (Volume 63, Number 155)]
[Notices]
[Page 43140-43141]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr12au98-36]

-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

Announcement of a Workshop to Discuss the Development and Implementation of a Common Criteria Evaluation and Validation Scheme for Information Technology (IT) Security

AGENCY: National Institute of Standards and Technology.

ACTION: Notice of Public Workshop.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), partners in the National Information Assurance Partnership (NIAP), invite interested parties to attend a public workshop to discuss the development of a Common Criteria Evaluation and Validation Scheme for IT Security. The purpose of the Common Criteria Scheme is to meet the needs of industry and government for cost-effective security evaluation of IT products (e.g., operating systems, database management systems, firewalls). The proposed scheme represents a significant change to previous IT product evaluation programs conducted by NSA and completes the transition of security testing and evaluation from the government to the private sector.

DATES: The workshop will take place on September 9, 1998 from 9:00 A.M. until 5:00 P.M. Interested parties should contact NIST at the address or telephone numbers listed below to confirm their interest in attending the workshop.

ADDRESSES: The workshop will take place at the Sheraton International Hotel (BWI Airport), 7032 Elm Road, Baltimore, MD 21240, phone: (410) 859-3300, fax: (410) 859-0565.

FOR FURTHER TECHNICAL INFORMATION CONTACT: Dr. Ron S. Ross, Information Technology Laboratory, National Institute of Standards and Technology, 820 West Diamond Avenue (Room 426), Gaithersburg, MD 20899, email: rross@nist.gov, phone: (301) 975-5390, fax: (301) 948-0279. Alternate point of contact is: Ms. Robin Medlock, Information Technology Laboratory, National Institute of Standards and Technology, email: rmedlock@nist.gov, phone: (301) 975-5017, fax: (301) 948-0279.

Detailed workshop information (to include copies of draft documents related to the Common Criteria Scheme) is available on the NIAP web site at http://niap.nist.gov. Laboratory accreditation information can be accessed at the following web sites: International Laboratory Accreditation Cooperation (ILAC), http://www.ilac.org, Asia Pacific Laboratory Accreditation Cooperation (APLAC), http://www.ianz.govt.nz/aplac/, National Voluntary Laboratory Accreditation Program (NVLAP) http://ts.nist.gov/nvlap.

WORKSHOP REGISTRATION: To register for the workshop, visit the NIAP web site at http://niap.nist.gov and follow the link for Events. Registration must be received by August 26, 1998. For confirmation or additional information, contact Lazer Fuerst at Mitretek Systems, phone: (703) 610-1689, fax: (703) 610-1699, email: scheme-workshop@mitretek.org.

SUPPLEMENTARY INFORMATION: Recent advances in information technologies and the proliferation of computing systems and networks world-wide have raised the level of concern about security in both the public and private sectors. Security concerns are motivated by a growing use of IT products throughout industry and government in a variety of critical areas--from electronic commerce to national defense. Consumers have access to a growing number of security-enhanced IT products with different capabilities and limitations and must make important decisions about which [[Page 43141]] products provide an appropriate degree of protection for their information.

In order to help consumers choose commercial off-the-shelf IT products, NIST and NSA are developing a program to evaluate conformance of IT products to international standards. This program has the following objectives:

  To develop, operate, and maintain a Common Criteria Evaluation and Validation Scheme;
  To provide for security evaluations in private sector laboratories;
  To ensure that evaluations of IT products are performed to consistent standards and to increase confidence in the security of those products;
  To improve the availability of evaluated IT products;
  To create a climate for IT security products of ``Make them here, test them here, sell them world-wide''.

The proposed scheme will promote evaluations of IT products conducted in the private sector by accredited testing laboratories. Products will be evaluated against the Common Criteria for Information Technology Security Evaluation, an emerging International Standards Organization (ISO) standard. Evaluation results will be validated by NIAP leading to the issuance of a validation certificate and placement on a validated products list. Certificates for the validated products will be recognized by participants in mutual recognition agreements based on the Common Criteria, thus reducing the need for multiple security evaluations.

This workshop is for the following audiences:

  Manufacturers, developers, and integrators of IT products interested in having their products evaluated against the Common Criteria;
  Testing laboratories interested in evaluating IT products to the Common Criteria;
  Government and private sector consumers desiring IT products evaluated against the Common Criteria and validated by NIAP.

The workshop will cover a variety of topics to include:

  Introduction to IT product security evaluation;
  Overview of the Common Criteria Scheme;
  Status report on the Common Criteria and Common Evaluation Methodology;
  Laboratory accreditation;
  Validation of evaluation results by NIAP.

Dated: August 6, 1998.

Robert E. Hebner,
Acting Deputy Director.

[FR Doc. 98-21630 Filed 8-11-98; 8:45 am]
BILLING CODE 3510-CN-P