Product Development. What’s Assurance Got To Do With It?

Jason Lawlor Common Criteria

Observations from a CC newcomer

If you’re new to Common Criteria (CC), you might be feeling a little overwhelmed and find yourself wondering if the effort in performing the certification is really worth it. As a newcomer to the industry myself, I can relate. However, as I learn more about the process, I can also tell you that it can be a worthwhile investment for an organization on many levels.

At first glance, you might think that CC is just another framework or standard that requires yet another “audit”. While it is an international standard (ISO/IEC 15408), the real difference vs many other frameworks lies within the core of what Common Criteria is all about. Product Assurance.

A Common Criteria certification ensures that customers of your products can be confident that specific security requirements have been met. It also instills a level of trust with your clients that a given product’s security functions have been verified by an independent, third party, accredited lab. In addition to providing added value for your existing customers, a CC certification is recognized internationally in more than 30 countries and can open doors to new business both domestically and abroad.

Coming from a background in security operations, I know there is always a push to become more mature in our security posture.   

The journey of a CC certification can have a direct positive impact on this objective. When product development and security posture matures, so does the strength of future products and the trust of your clients. CC can provide a solid, recognized framework to support these goals.

The information technology industry is now part of every industry and every market, and Common Criteria plays an important role in contributing to the security of those industries and the technologies they rely on by inspiring vendors to raise the assurance bar and develop products with security at the forefront. A concept desperately needed more than ever before.

When you partner with the testing experts at Lightship, you are partnering with one of the leading labs in North America that is dedicated to your success in your Common Criteria and product assurance journey.

The above blog post was authored by Garrett Nickel, one of the newer member of the growing team of testing experts at Lightship Security.

New to CC?  Let the experienced team at Lightship Security help guide you through the process!  Contact us for more details.