[Federal Register Volume 63, Number 155 (Wednesday, August 12, 1998)]
[Notices]
[Pages 43140-43141]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-21630]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology


Announcement of a Workshop to Discuss the Development and 
Implementation of a Common Criteria Evaluation and Validation Scheme 
for Information Technology (IT) Security

AGENCY: National Institute of Standards and Technology.

ACTION: Notice of Public Workshop.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) and 
the National Security Agency (NSA), partners in the National 
Information Assurance Partnership (NIAP), invite interested parties to 
attend a public workshop to discuss the development of a Common 
Criteria Evaluation and Validation Scheme for IT Security. The purpose 
of the Common Criteria Scheme is to meet the needs of industry and 
government and for cost-effective security evaluation of IT products, 
(e.g., operating systems, database management systems, firewalls). The 
proposed scheme represents a significant change to previous IT product 
evaluation programs conducted by NSA and completes the transition of 
security testing and evaluation from the government to the private 
sector.

DATES: The workshop will take place on September 9, 1998 from 9:00 A.M. 
until 5:00 P.M. Interested parties should contact NIST at the address 
or telephone numbers listed below to confirm their interest in 
attending the workshop.

ADDRESSES: The workshop will take place at the Sheraton International 
Hotel (BWI Airport), 7032 Elm Road, Baltimore, MD 21240, phone: (410) 
859-3300, fax: (410) 859-0565.

FOR FURTHER TECHNICAL INFORMATION CONTACT: Dr. Ron S. Ross, Information 
Technology Laboratory, National Institute of Standards and Technology, 
820 West Diamond Avenue (Room 426), Gaithersburg, MD 20899, email: 
[email protected], phone: (301) 975-5390, fax: (301) 948-0279. Alternate 
point of contact is: Ms. Robin Medlock, Information Technology 
Laboratory, National Institute of Standards and Technology, email: 
[email protected], phone: (301) 975-5017, fax: (301) 948-0279. Detailed 
workshop information (to include copies of draft documents related to 
the Common Criteria Scheme) is available on the NIAP web site at http:/
/niap.nist.gov. Laboratory accreditation information can be accessed at 
the following web sites: International Laboratory Accreditation Co-
operation (ILAC), http://www.ilac.org, Asia Pacific Laboratory 
Accreditation Cooperation (APLAC), http://www.ianz.govt.nz/aplac/, 
National Voluntary Laboratory Accreditation Program (NVLAP) http://
ts.nist.gov/nvlap.

WORKSHOP REGISTRATION: To register for the workshop, visit the NIAP web 
site at http://niap.nist.gov and follow the link for Events. 
Registration must be received by August 26, 1998. For confirmation or 
additional information, contact Lazer Fuerst at Mitretek Systems, 
phone: (703) 610-1689, fax: (703) 610-1699, email: scheme-
[email protected].

SUPPLEMENTARY INFORMATION: Recent advances in information technologies 
and the proliferation of computing systems and networks world-wide have 
raised the level of concern about security in both the public and 
private sectors. Security concerns are motivated by a growing use of IT 
products throughout industry and government in a variety of critical 
areas--from electronic commerce to national defense. Consumers have 
access to a growing number of security-enhanced IT products with 
different capabilities and limitations and must make important 
decisions about which

[[Page 43141]]

products provide an appropriate degree of protection for their 
information.
    In order to help consumers choose commercial off-the-shelf IT 
products, NIST and NSA are developing a program to evaluate conformance 
of IT products to international standards. This program has the 
following objectives:
     To develop, operate, and maintain a Common Criteria 
Evaluation and Validation Scheme;
     To provide for security evaluations in private sector 
laboratories;
     To ensure that evaluations of IT products are performed to 
consistent standards and to increase confidence in the security of 
those products;
     To improve the availability of evaluated IT products;
     To create a climate for IT security products of ``Make 
them here, test them here, sell them world-wide''.
    The proposed scheme will promote evaluations of IT products 
conducted in the private sector by accredited testing laboratories. 
Products will be evaluated against the Common Criteria for Information 
Technology Security Evaluation, an emerging International Standards 
Organization (ISO) standard. Evaluation results will be validated by 
NIAP leading to the issuance of a validation certificate and placement 
on a validated products list. Certificates for the validated products 
will be recognized by participants in mutual recognition agreements 
based on the Common Criteria, thus reducing the need for multiple 
security evaluations.
    This workshop is for the following audiences:
     Manufacturers, developers, and integrators of IT products 
interested in having their products evaluated against the Common 
Criteria;
     Testing laboratories interested in evaluating IT products 
to the Common Criteria;
     Government and private sector consumers desiring IT 
products evaluated against the Common Criteria and validated by NIAP.
    The workshop will cover a variety of topics to include:
     Introduction to IT product security evaluation;
     Overview of the Common Criteria Scheme;
     Status report on the Common Criteria and Common Evaluation 
Methodology;
     Laboratory accreditation;
     Validation of evaluation results by NIAP.

    Dated: August 6, 1998.
Robert E. Hebner,
Acting Deputy Director.
[FR Doc. 98-21630 Filed 8-11-98; 8:45 am]
BILLING CODE 3510-CN-P