One more time, for the CC (now at version 3.x), read the ISO 15408 series, specifically '-3'. Just like the ISO9k and IEC61508 stuff, a whole consulting sub-industry has arisen from the swamp that is quite willing to guide you through the evaluation/certification process.
The CC and associated DTDs are available for free - Bing or Google will find it. Or use Yandex since you seem to want life to be difficult. Just kidding...

Brian

From: Christopher [mailto:[email protected]]
Sent: Thursday, December 17, 2009 1:00 PM
To: [email protected]; Brian O'Connell
Subject: EAL4 and SIPRNET

If I can remember correctly that our all Nokia security appliance had EAL4 certification. I was not directly involved in EAL4 certification as it was not in the HW Regulatory Compliance area. I provided the HW to our Software PM and he sent it out for certification. EAL4 testing was 2-3 weeks and cost was 15-20k. He never explained this EAL4 process in detail to anyone in HW compliance.

Maybe you can now check CHKP security appliance web site as Nok Appliance BU was sold to CHKP.

Maybe someone on this list can shed some light on this EAL4 certification.

my 2 cents

Christopher

--- On Thu, 12/17/09, Brian O'Connell <[email protected]> wrote:

From: Brian O'Connell <[email protected]>
Subject: RE: EAL4 and SIPRNET
To: [email protected]
Date: Thursday, December 17, 2009, 12:35 PM

a. You need to read ISO15408 for the CC stuff.

b. I will reply on the condition that you eat this message and shunt all of the associated electrons to a secured protective earth stud that is guarded by a squad of Marines; all else must report to the CIA for a mind-wipe...

Secret Internet Protocol Router Network is what the box is connected to; and unless you have something that is considered the end-point or the node is 'trusted guard' there may be no special requirements. My opinion - the DoD has SIPRNET because it has given up on making Mr Bill's products secure.

If there is anything like TEMPEST requirements for boxes connected to SIPRNET, it would probably be in the DoD's RFP or procurement spec for the box. Bing/Google/yada is your friend.
Brian

From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Thursday, December 17, 2009 11:40 AM
To: [email protected]
Subject: EAL4 and SIPRNET

Hello group,

We have been asked by a customer if our product (IT product) meets the following:

(a) Evaluation Assurance Level of at least 4 (EAL4),
(b) SIPRNET (Secret Internet Protocol Router Network)

Can someone shed some light on this and also let me know if there are any labs out there that can do these types of testing/verification please?

Thank you

Peter

-
This message is from the IEEE Product Safety Engineering Society emc-pstc discussion list.

