accrediting-common-criteria-lab

Lightship Security Common Criteria Test Lab

Lachlan Turner Common Criteria, Lightship News

The Communications Security Establishment (CSE) of Canada recently accepted Lightship Security as a Candidate Common Criteria Lab – an important milestones in the approval process to become an accredited IT security test lab. Accreditation is performed by the Standards Council of Canada (SCC) in partnership with CSE in accordance with ISO/IEC 17025 and allows participation in the twenty-eight nation Common Criteria Recognition Arrangement (CCRA).

“We are looking to disrupt the certifications landscape with our conformance automation software. Adding the Common Criteria lab allows us to drink our own champagne and perform quality certifications faster than ever before. We’re using Greenlight internally to support the accreditation process.” said Jason Lawlor, President of Lightship Security.

Greenlight is the Lightship Security designed and built software platform that automates testing against the latest Common Criteria Protection Profiles. All labs in Canada, regardless of experience are required to demonstrate ongoing technical competence to SCC and CSE reviewers. Lightship will be the first lab to integrate comprehensive automation through the use of Greenlight for real world evaluations.

Peach Tech

Lightship Security and Peach Tech partner to address new fuzz testing requirements under Common Criteria

Lachlan Turner Common Criteria, Lightship News

Lightship Security is proud to announce our partnership with Peach Tech, a Seattle, US based security software firm, to support our customers in their pursuit of product certification against the internationally recognized security standard, Common Criteria (CC).

The Collaborative Protection Profile for Network Devices (NDcPP) has introduced fuzz testing as part of the vulnerability analysis process. The NDcPP is a canary in the world of CC and we can expect to see fuzz testing become a standardized requirement across many Protection Profiles.

We’ve integrated Peach Tech’s Peach Fuzzer platform into our Greenlight service offering to give customers the peace of mind that their products meet the latest CC fuzz testing requirements.

Read our joint press release for all the details.

lightship-nrc-funding

National Research Council of Canada Funding for Automation Platform

Lachlan Turner Lightship News

As part of our commitment to develop innovative certification automation solutions, Lightship Security is pleased to announce that it has received funding from the National Research Council of Canada Industrial Research Assistance Program (NRC-IRAP).

The funding will provide Lightship the ability to accelerate continued development of our industry first Conformance Automation Platform – Greenlight, in support of our clients Common Criteria certification requirements. The IRAP program support will be instrumental in allowing Lightship to tackle the complexities of the solution to meet a growing demand by government and industry for faster and better certification processes and outcomes.

Ark Infosec joins forces with Lightship Security

Lachlan Turner Lightship News

We are pleased to announce that Ark Infosec is joining forces with Lightship Security under the Lightship banner. Ark Infosec founder Lachlan Turner will be responsible for leading and growing the security consulting and professional services practice for Lightship Security. This strategic move gives Lightship a Vancouver presence and proximity to a growing list of clients on the west coast. Lightship Security is headquartered in Ottawa and specializes in conformance automation solutions, IT security certification consulting and advisory services including Common Criteria and FIPS 140-2.

Network Device Collaborative Protection Profile Overtakes EAL2

Network Device Collaborative Protection Profile Overtakes EAL2

Lachlan Turner Common Criteria

A lot of vendors are targeting their Common Criteria (CC) efforts towards Network Device Collaborative Protection Profile (NDcPP) compliance. A survey of the Australian, Canadian and US in-evaluation lists showed that there are around twelve ongoing NDcPP evaluations (Feb 2017). In comparison, there are ten ongoing Evaluation Assurance Level (EAL)2 evaluations (AU/CA only). This reflects the five-eyes policy shift towards Protection Profiles and the corresponding long sunset of EAL evaluations (at least in the five-eyes*).

Read More

Common Criteria Protection Profile or Collaborative Protection Profile

Collaborative Protection Profiles

Lachlan Turner Common Criteria

If you’ve been looking into CC certification, chances are you may have heard the term Collaborative Protection Profile (cPP), or at least Protection Profile (PP).  This post provides a quick intro and some reference links.

Read More