SlideShare uma empresa Scribd logo

CCCAB tool - Making CABs life easy - Chapter 2

Javier Tallón
Javier Tallón

CCCAB (Common Criteria Conformity Assessment Body) Tool is a unique framework that will allow Common Criteria CABs to smooth the certification process for ICT products, reducing the cost and time required in each single certification process. CCCAB will be developed to support NCCAs (National Cybersecurity Certification Authorities) when acting as CABs for level high and CABs (Conformity Assessment Bodies) for level substantial operating under the EUCC (Common Criteria based European candidate cybersecurity certification scheme) scheme. CCCAB has been selected by the European Commission under the Connecting Europe Facility (CEF) programme as a granted project. Two European NCCAs are also supporting CCCAB: CCN (Spain) and OCSI (Italy), reflecting the magnitude of the project. CCCAB will be released as an open source product and will be free to use allowing the community to improve the tool in the future. This tool was presented at last ICCC. In this year presentation, we will be able to show the specifications that have been defined to interact with the tool. We will be able to present the current status of the development showing the first operational version of CCCAB. Finally, we will discuss the challenges to make the tool accessible widely.

Tecnologia
1 de 22
Baixar para ler offline
❑ Automate everything! ❑ Less time to obtain the certificate ❑ Lower economic cost for everyone ❑ Meet the market expectations ❑ Increased number of Common Criteria certifications ❑ Fast pace in the evolution of IT ❑ Lack of talent Why automation tools for Common Criteria?
❑ The CSA brings a new paradigm ❑ Regulation (EC) No 765/2008: ‘conformity assessment body’ shall mean a body that performs conformity assessment activities including calibration, testing, certification and inspection; ❑ EUCC v1.1.1 further refines this concept: ❑ CAB = CB + ITSEF ❑ CB: issues certificate ❑ ITSEF: calibrates / tests / samples CSA & EUCC Context
❑ CCCAB is co-financed by the Connecting Europe Facility of the European Union. ❑ ISCOM (OSCI), CCN (OC-CCN) and jtsec Brief & Stakeholders
❑ Improve current schemes capabilities to support the high assurance certifications defined in the EUCC ❑ Build up CAB capabilities for newcomers and for private CABs that will operate under the EUCC for level substantial ❑ Share good practices between CABs for high and support peer reviews by sharing the same tool ❑ Enhance the communication flow with ENISA, ITSEFs, manufacturers… ❑ Allow focus on validation of the reports Objectives
❑ CCCAB provides a framework to manage EUCC certifications smoothing the process and saving around 25% of the certification effort for existing CABs. ❑ CCCAB will ease the creation of EUCC CABs around Europe given that it will be very easy to deploy the required IT system to manage a CAB. ❑ CCCAB will be a free open-source tool that could be potentially adapted to be used in other future schemes. Therefore, it could be a key factor for a successful adoption of the EU Cybersecurity Certification framework. Why is CCCAB needed?
CCCAB as a part of a framework
Main technologies used
Features
❑ Project Management: CCCAB will allow you to have a global view of all projects in progress, helping in the overall management of the project. ❑ Simple installation: Can be used from anywhere without the need to install any software. Online and offline. ❑ Web Edition, docx/pdf Output: CCCAB will allow the generation in DOCX or PDF format. Features Document Generator
❑ Presentation engine ❑ Access control (I&A, 2FA, …) and authorization subsystem (PGP, PAdES, XAdES) ❑ Evidence and versioning subsystem ❑ CC Analysis Engine & Expert tips ❑ ITSEF non-conformities subsystem Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 Non - Conformities Evidences & Versioning
❑ Smart Validation System ❑ ITSEF communications parser ❑ Manufacturers communications parser ❑ Automagic filling Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 ITSEF Comm. Manufact. Comm. Non - Conformities Evidences & Versioning ITSEFs Manufacturers
Features
❑ Adaptation to the EUCC ❑ Communications with ENISA website ❑ Compliance System ❑ Vulnerability Inbox ❑ Vulnerability Monitoring Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 Non - Conformities Evidences & Versioning Vulnerability inbox
How it works?
CCCAB Specification • Analysis of current tools used by CBs • Information flows identification • Information Exchange languages specification Validation Framework • Access Control and PM system • Interface development • Evidence management • Report printing • NCs Management • Version Management Smart Validation System • ITSEF Communications parser • Manufacturer communications parser • Autofill • Expert tips Adaptation to the EUCC scheme • Communication module with ENISA website • Compliance Monitoring System and non- compliance handling Validation • Full Project using CCCAB • Guidance development • Final version release Action plan
CCCAB website ❑ https://www.cccab.eu/
CCCAB website
❑ Define the Open Source licensing model ❑ Release the source code ❑ Test the tool properly in a real use cases with the partners ❑ Develop the connection with the ENISA website, which is not yet up and running ❑ Making stakeholders aware of the tool Conclusions & ToDos
jtsec Beyond IT Security Granada & Madrid – Spain hello@jtsec.es @jtsecES www.jtsec.es Contact “Any fool can make something complicated. It takes a genius to make it simple.” Woody Guthrie

Recomendados

CCCAB - Making CABs life easy
CCCAB - Making CABs life easyCCCAB - Making CABs life easy
CCCAB - Making CABs life easy
Javier Tallón
 
Project P Open Workshop
Project P Open WorkshopProject P Open Workshop
Project P Open Workshop
matteobordinadacore
 
PeopleCert ExamShield Technical Details.pdf
PeopleCert ExamShield Technical Details.pdfPeopleCert ExamShield Technical Details.pdf
PeopleCert ExamShield Technical Details.pdf
Indranighosh46
 
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPT
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPTManaging Your ROI & TCO In Automation Testing | V&V Webinar PPT
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPT
Sadatulla Zishan
 
Ensuring Successful OPNFV-based NFV Deployments | QualiTest Group
Ensuring Successful OPNFV-based NFV Deployments | QualiTest GroupEnsuring Successful OPNFV-based NFV Deployments | QualiTest Group
Ensuring Successful OPNFV-based NFV Deployments | QualiTest Group
Qualitest
 
Taking AppSec to 11 - BSides Austin 2016
Taking AppSec to 11 - BSides Austin 2016Taking AppSec to 11 - BSides Austin 2016
Taking AppSec to 11 - BSides Austin 2016
Matt Tesauro
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Matt Tesauro
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
ThousandEyes
 

Recomendados

CCCAB - Making CABs life easy
CCCAB - Making CABs life easyCCCAB - Making CABs life easy
CCCAB - Making CABs life easy
Javier Tallón
 
Project P Open Workshop
Project P Open WorkshopProject P Open Workshop
Project P Open Workshop
matteobordinadacore
 
PeopleCert ExamShield Technical Details.pdf
PeopleCert ExamShield Technical Details.pdfPeopleCert ExamShield Technical Details.pdf
PeopleCert ExamShield Technical Details.pdf
Indranighosh46
 
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPT
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPTManaging Your ROI & TCO In Automation Testing | V&V Webinar PPT
Managing Your ROI & TCO In Automation Testing | V&V Webinar PPT
Sadatulla Zishan
 
Ensuring Successful OPNFV-based NFV Deployments | QualiTest Group
Ensuring Successful OPNFV-based NFV Deployments | QualiTest GroupEnsuring Successful OPNFV-based NFV Deployments | QualiTest Group
Ensuring Successful OPNFV-based NFV Deployments | QualiTest Group
Qualitest
 
Taking AppSec to 11 - BSides Austin 2016
Taking AppSec to 11 - BSides Austin 2016Taking AppSec to 11 - BSides Austin 2016
Taking AppSec to 11 - BSides Austin 2016
Matt Tesauro
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Matt Tesauro
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
ThousandEyes
 
ICCC21 2021 statistics report
ICCC21 2021 statistics reportICCC21 2021 statistics report
ICCC21 2021 statistics report
Javier Tallón
 
Test Automation in the Cloud - Key to Accelerated Development
Test Automation in the Cloud - Key to Accelerated DevelopmentTest Automation in the Cloud - Key to Accelerated Development
Test Automation in the Cloud - Key to Accelerated Development
Aspire Systems
 
LFN Dev and Testing Forum 2022 CNF Certification Tutorial
LFN Dev and Testing Forum 2022 CNF Certification TutorialLFN Dev and Testing Forum 2022 CNF Certification Tutorial
LFN Dev and Testing Forum 2022 CNF Certification Tutorial
W Watson
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, Opengear
MyNOG
 
Automating Common Criteria
Automating Common Criteria Automating Common Criteria
Automating Common Criteria
Javier Tallón
 
Components of CI/CD in DevOps
Components of CI/CD in DevOpsComponents of CI/CD in DevOps
Components of CI/CD in DevOps
sunil173422
 
Resume_Sahida Sultana
Resume_Sahida SultanaResume_Sahida Sultana
Resume_Sahida Sultana
Sahida Sultana
 
Resume
ResumeResume
Resume
nandisg
 
Navaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_ResumeNavaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_Resume
Navaneethan Balakrishnan
 
Journey Through Four Stages of Kubernetes Deployment Maturity
Journey Through Four Stages of Kubernetes Deployment MaturityJourney Through Four Stages of Kubernetes Deployment Maturity
Journey Through Four Stages of Kubernetes Deployment Maturity
Altoros
 
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Vimal Suba
 
Testwarez 2009 Use Proper Tool
Testwarez 2009 Use Proper ToolTestwarez 2009 Use Proper Tool
Testwarez 2009 Use Proper Tool
Adam Sandman
 
Cognizant_DevOps_AWS Event Flyer ART
Cognizant_DevOps_AWS Event Flyer ARTCognizant_DevOps_AWS Event Flyer ART
Cognizant_DevOps_AWS Event Flyer ART
Elangovan Anbalagan
 
Navaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_ResumeNavaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_Resume
Navaneethan Balakrishnan
 
Pivotal CloudFoundry on Google cloud platform
Pivotal CloudFoundry on Google cloud platformPivotal CloudFoundry on Google cloud platform
Pivotal CloudFoundry on Google cloud platform
Ronak Banka
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing Services
Hemang Rindani
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing Services
Cygnet Infotech
 
Service Virtualization: What, Who, When, and How
Service Virtualization: What, Who, When, and HowService Virtualization: What, Who, When, and How
Service Virtualization: What, Who, When, and How
TechWell
 
Presentation on 3 Pillars of DevOps - Kovair DevOps
Presentation on 3 Pillars of DevOps - Kovair DevOpsPresentation on 3 Pillars of DevOps - Kovair DevOps
Presentation on 3 Pillars of DevOps - Kovair DevOps
Kovair
 
imagic 2.pptx
imagic 2.pptximagic 2.pptx
imagic 2.pptx
kalpeshchavda12
 
Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIEvolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio II
Javier Tallón
 
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Javier Tallón
 

Mais conteúdo relacionado

Semelhante a CCCAB tool - Making CABs life easy - Chapter 2

ICCC21 2021 statistics report
ICCC21 2021 statistics reportICCC21 2021 statistics report
ICCC21 2021 statistics report
Javier Tallón
 
Cognizant_DevOps_AWS Event Flyer ART
Cognizant_DevOps_AWS Event Flyer ARTCognizant_DevOps_AWS Event Flyer ART
Cognizant_DevOps_AWS Event Flyer ART
Elangovan Anbalagan
 
Service Virtualization: What, Who, When, and How
Service Virtualization: What, Who, When, and HowService Virtualization: What, Who, When, and How
Service Virtualization: What, Who, When, and How
TechWell
 

Semelhante a CCCAB tool - Making CABs life easy - Chapter 2 (20)

ICCC21 2021 statistics report
ICCC21 2021 statistics reportICCC21 2021 statistics report
ICCC21 2021 statistics report
 
Test Automation in the Cloud - Key to Accelerated Development
Test Automation in the Cloud - Key to Accelerated DevelopmentTest Automation in the Cloud - Key to Accelerated Development
Test Automation in the Cloud - Key to Accelerated Development
 
LFN Dev and Testing Forum 2022 CNF Certification Tutorial
LFN Dev and Testing Forum 2022 CNF Certification TutorialLFN Dev and Testing Forum 2022 CNF Certification Tutorial
LFN Dev and Testing Forum 2022 CNF Certification Tutorial
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, Opengear
 
Automating Common Criteria
Automating Common Criteria Automating Common Criteria
Automating Common Criteria
 
Components of CI/CD in DevOps
Components of CI/CD in DevOpsComponents of CI/CD in DevOps
Components of CI/CD in DevOps
 
Resume_Sahida Sultana
Resume_Sahida SultanaResume_Sahida Sultana
Resume_Sahida Sultana
 
Resume
ResumeResume
Resume
 
Navaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_ResumeNavaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_Resume
 
Journey Through Four Stages of Kubernetes Deployment Maturity
Journey Through Four Stages of Kubernetes Deployment MaturityJourney Through Four Stages of Kubernetes Deployment Maturity
Journey Through Four Stages of Kubernetes Deployment Maturity
 
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
 
Testwarez 2009 Use Proper Tool
Testwarez 2009 Use Proper ToolTestwarez 2009 Use Proper Tool
Testwarez 2009 Use Proper Tool
 
Cognizant_DevOps_AWS Event Flyer ART
Cognizant_DevOps_AWS Event Flyer ARTCognizant_DevOps_AWS Event Flyer ART
Cognizant_DevOps_AWS Event Flyer ART
 
Navaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_ResumeNavaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_Resume
 
Pivotal CloudFoundry on Google cloud platform
Pivotal CloudFoundry on Google cloud platformPivotal CloudFoundry on Google cloud platform
Pivotal CloudFoundry on Google cloud platform
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing Services
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing Services
 
Service Virtualization: What, Who, When, and How
Service Virtualization: What, Who, When, and HowService Virtualization: What, Who, When, and How
Service Virtualization: What, Who, When, and How
 
Presentation on 3 Pillars of DevOps - Kovair DevOps
Presentation on 3 Pillars of DevOps - Kovair DevOpsPresentation on 3 Pillars of DevOps - Kovair DevOps
Presentation on 3 Pillars of DevOps - Kovair DevOps
 
imagic 2.pptx
imagic 2.pptximagic 2.pptx
imagic 2.pptx
 

Mais de Javier Tallón

Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Javier Tallón
 
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?
Javier Tallón
 
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCN
Javier Tallón
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
Javier Tallón
 
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...
Javier Tallón
 
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfEUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
Javier Tallón
 
Hacking your jeta.pdf
Hacking your jeta.pdfHacking your jeta.pdf
Hacking your jeta.pdf
Javier Tallón
 
Evolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaEvolucionado la evaluación Criptográfica
Evolucionado la evaluación Criptográfica
Javier Tallón
 
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
Javier Tallón
 
EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896
Javier Tallón
 
EUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemesEUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemes
Javier Tallón
 
EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045
Javier Tallón
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...
Javier Tallón
 
2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...
Javier Tallón
 

Mais de Javier Tallón (20)

Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIEvolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio II
 
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
 
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?
 
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCN
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptx
 
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...
 
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfEUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
 
Hacking your jeta.pdf
Hacking your jeta.pdfHacking your jeta.pdf
Hacking your jeta.pdf
 
Evolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaEvolucionado la evaluación Criptográfica
Evolucionado la evaluación Criptográfica
 
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
 
EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896
 
EUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemesEUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemes
 
EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...
 
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
 
Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?
 
2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...
 
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentation
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

CCCAB tool - Making CABs life easy - Chapter 2

  • 1.
  • 2.
  • 3. ❑ Automate everything! ❑ Less time to obtain the certificate ❑ Lower economic cost for everyone ❑ Meet the market expectations ❑ Increased number of Common Criteria certifications ❑ Fast pace in the evolution of IT ❑ Lack of talent Why automation tools for Common Criteria?
  • 4. ❑ The CSA brings a new paradigm ❑ Regulation (EC) No 765/2008: ‘conformity assessment body’ shall mean a body that performs conformity assessment activities including calibration, testing, certification and inspection; ❑ EUCC v1.1.1 further refines this concept: ❑ CAB = CB + ITSEF ❑ CB: issues certificate ❑ ITSEF: calibrates / tests / samples CSA & EUCC Context
  • 5. ❑ CCCAB is co-financed by the Connecting Europe Facility of the European Union. ❑ ISCOM (OSCI), CCN (OC-CCN) and jtsec Brief & Stakeholders
  • 6.
  • 7. ❑ Improve current schemes capabilities to support the high assurance certifications defined in the EUCC ❑ Build up CAB capabilities for newcomers and for private CABs that will operate under the EUCC for level substantial ❑ Share good practices between CABs for high and support peer reviews by sharing the same tool ❑ Enhance the communication flow with ENISA, ITSEFs, manufacturers… ❑ Allow focus on validation of the reports Objectives
  • 8. ❑ CCCAB provides a framework to manage EUCC certifications smoothing the process and saving around 25% of the certification effort for existing CABs. ❑ CCCAB will ease the creation of EUCC CABs around Europe given that it will be very easy to deploy the required IT system to manage a CAB. ❑ CCCAB will be a free open-source tool that could be potentially adapted to be used in other future schemes. Therefore, it could be a key factor for a successful adoption of the EU Cybersecurity Certification framework. Why is CCCAB needed?
  • 9. CCCAB as a part of a framework
  • 12. ❑ Project Management: CCCAB will allow you to have a global view of all projects in progress, helping in the overall management of the project. ❑ Simple installation: Can be used from anywhere without the need to install any software. Online and offline. ❑ Web Edition, docx/pdf Output: CCCAB will allow the generation in DOCX or PDF format. Features Document Generator
  • 13. ❑ Presentation engine ❑ Access control (I&A, 2FA, …) and authorization subsystem (PGP, PAdES, XAdES) ❑ Evidence and versioning subsystem ❑ CC Analysis Engine & Expert tips ❑ ITSEF non-conformities subsystem Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 Non - Conformities Evidences & Versioning
  • 14. ❑ Smart Validation System ❑ ITSEF communications parser ❑ Manufacturers communications parser ❑ Automagic filling Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 ITSEF Comm. Manufact. Comm. Non - Conformities Evidences & Versioning ITSEFs Manufacturers
  • 16. ❑ Adaptation to the EUCC ❑ Communications with ENISA website ❑ Compliance System ❑ Vulnerability Inbox ❑ Vulnerability Monitoring Features Validation Framework CC Analysis Engine Smart Validation System Presentation Engine Access control & Authorizations CC3.1R5 Non - Conformities Evidences & Versioning Vulnerability inbox
  • 18. CCCAB Specification • Analysis of current tools used by CBs • Information flows identification • Information Exchange languages specification Validation Framework • Access Control and PM system • Interface development • Evidence management • Report printing • NCs Management • Version Management Smart Validation System • ITSEF Communications parser • Manufacturer communications parser • Autofill • Expert tips Adaptation to the EUCC scheme • Communication module with ENISA website • Compliance Monitoring System and non- compliance handling Validation • Full Project using CCCAB • Guidance development • Final version release Action plan
  • 21. ❑ Define the Open Source licensing model ❑ Release the source code ❑ Test the tool properly in a real use cases with the partners ❑ Develop the connection with the ENISA website, which is not yet up and running ❑ Making stakeholders aware of the tool Conclusions & ToDos
  • 22. jtsec Beyond IT Security Granada & Madrid – Spain hello@jtsec.es @jtsecES www.jtsec.es Contact “Any fool can make something complicated. It takes a genius to make it simple.” Woody Guthrie