The Government of Canada (GoC) recommends that CC should be included as a requirement in GoC RFPs/contracts whenever possible.
References
GoC Technology Supply Chain Guidelines (TSCG) – https://www.cse-cst.gc.ca/en/node/300/html/15319
Policy Statements (TSCG-01\G extracts)
6.5 Product Assurance and Equipment and Inventory
Objective: The following clause is intended to give Canada a complete list of equipment in use for delivery of the network services. The approach should be that, whenever possible, only Common Criteria (CC) certified and Crypto Module Validation Program (CMVP) validated products are trusted. The certification requirements should be listed in the mandatory evaluation criteria or in the specification. It should be noted that certification/validation requirements can impact the cost and time objectives of the planned procurement.
Share this Post
Lachlan has 20+ years of extensive product security certification experience, including roles as a government certifier, lab evaluator and vendor consultant. As the Director of Cyber Labs, Lachlan has overall responsibility for our Canadian and US Common Criteria laboratories.