• Mission
  • Objectives
  • Accomplishments
  • Current Participants
  • Participant Benefits
  • Contact Us
  • Member Login
  •  

Copyright © 2009 http://www.ccvendorforum.org.
Designed by Free CSS Templates

Welcome to the Common Criteria Vendors' forum

Background
The Common Criteria (CC) product evaluation process has proven to be complex and burdensome to many commercial vendors. While many government customers around the world recognize, recommend and sometimes require CC evaluations, product vendors have a difficult time justifying the time and effort investments necessary to meet the evaluation requirements. Moreover, in many cases vendors find that CC evaluations do not significantly improve the security of their products given the level of investment.

Commercial product vendors, to date have had little say in the CC policy and standards development efforts. CC version 3.0 was intended to correct problems in version 2.x, but the commercial product vendors were not part of the standards development process. Fundamental problems such as the fact that CC evaluations are static evaluations of a “snapshot” of a product run counter to the dynamic nature of commercial IT product development remain. Evaluated products may be obsolete by the time the certification is awarded.

CC certifications are not recognized as adding value to many customers; especially non-government customers because the standards do not focus on security issues that most commercial customers care about. It also fails to recognize the efforts vendors put forward to mitigate and reduce the number of code vulnerabilities in their products.


Mission Statement
The Common Criteria Vendors’ Forum is an ad hoc organization of commercial product vendor company representatives gathered to discuss Common Criteria and CC-related issues, develop solutions and drive action to improve CC. We accomplish this by creating awareness of the issues and to provide a single voice as a vendor community to the standards bodies and policy makers

We use a variety of venues and media such as face-to-face workshops and teleconferences to discuss issues and develop solutions. We expect to become participating members of standards bodies.

Objectives

Some of the objectives of the CCFV are;

  • Reduce BY AN ORDER OF MAGNITUDE the time and effort required to complete CC evaluations
  • Create useful, realistic PROTECTION PROFILES
  • Develop a viable strategy to deal with COMPOSED SYSTEMS
  • Support a viable CERTIFICATE RENEWAL process

Accomplishments

The CC Vendors’ Forum follows on the CC Users’ Forums held on October 6-7, 2004 and July 14, 2005. These Forums included presentations and panel sessions including members of Government and Industry. There were several breakout sessions and workshops to address specific topics. Each Forum had a specific focus area. Reports from the previous CC Users’ Forums are available for review. The CC Vendors’ Forum is intended to address commercial product vendor issues

More recently, the CC Vendors’ Forum Planning Committee member companies issued a joint letter to the CC Development Board commenting on the CC version 3.0 issues and expressed our willingness to participate in the standards development process. The CCDB will be considering our proposal at their next meeting.

The Planning Committee has also opened a channel of communications with the NIAP Director to discuss recent NIAP Policies and the impact these new policies have on vendors and our customers. Through our dialog, we hope to develop revised policies that are more reasonable and are viable under NIAP’s constraints.


Current Participants

All of the members are individuals from commercial product companies form around the world who are directly involved in the CC evaluation of their company’s products. Our discussions are technical and address the issues dealt with by those who have to meet the strict CC requirements.

We look forward to the opportunity to meet with the CC Development Board to develop channels of communications so that vendors have more input into the standards development process.

We believe our initial discussions with the NIAP Director will open the lines of communications so that we can have meaningful dialog about US Scheme and US Protection Profile issues as well as DOD policy issues.


Benefits To Participation

  • By joining the Common Criteria Vendors’ Forum, you will be able to include your concerns and issues in our discussions with the standards and policy makers. 
  • Your participation will lend a greater weight and credibility to the comments and proposals the CC Vendors’ Forum makes to standards and policy makers.
  • Collaboration with forum members gives you the opportunity to see diverse approaches to every day CC process challenges.
  • You'll gain insight into new and up-coming standards and policy changes and their impact on product vendors.
  • You will have the opportunity to contribute to developing solutions to problems and issues we all face

Contact Us

If you are already a member of the CCVF, please log in to access the full content of this web site.

If you would like to join the CCVF, please send a request to CCVF-subscribe@yahoogroups.com with your name, company name and description of what you why you would like to join.  Registration is not automatic, it is verified by a person.