Comments on atsec IT security blog: What I would like to hear (and not) at the next ICCC...

Feed author: Andreas (http://www.blogger.com/profile/17368437730621711005)
Feed updated: 2024-03-28T06:24:32.786-05:00

Comment by Malcolm Levy, 2013-08-19T15:47:29.018-05:00:

The expression "death by a thousand cuts" comes to mind.

If you take out all the countries with local requirements, the business case for an EAL4 becomes hard to justify.

I think that CC had reached a level where our customers were gaining a lot of value. We provide a TOE compliant with PPs for traffic filter firewall, application level firewall, IPS, a cryptographic implementation to the highest recommendations NIST SP800-131A for cryptographic strength, high availability with clustering and hardware redundancy, remote access with IKE/IPSec and SSL, remote management. We have included virtualization as claimed security functionality for our Security Gateway and Security Management, and withstood AVA_VLA.3.

The cPPs are early days. With only 3 certifications complete I would not call it ready for prime time. But then the goal of consistency between evaluations is not aligned to ours, which have been to certify a full-featured and useful security solution that can be deployed in the evaluated configuration.

Malcolm Levy