NetGreen Consulting, Inc.

Call us: 843-368-9379 or  
724-234-2147      

Email us:      
info@netgreenconsulting.com  
Contact UsFAQs

Common Criteria Overview for Sponsors

“David Green took over an almost-failing Common Criteria evaluation project for an ATM firewall product in mid-stream and turned it around to bring it to a successful conclusion. He then took on a project to gain CC Certification for all three families of Marconi's ATM switching and routing products - 8 products in all - and worked with multiple engineering, product management, manufacturing and security teams to attain a CC Certificate for those products. This required him to write much of the documentation, including the test plan, from scratch because it did not exist in a form that was needed for the evaluation.

"After he left Marconi, David was also called upon as an independent consultant to lead a FIPS 140-2 Validation project for a high-end video-conferencing system that implemented encryption. He interacted regularly with the systems engineers to painstakingly track down and document all the details required to submit to the Test Lab for validation. It's been a pleasure to work with him, and I highly recommend David for any Common Criteria or FIPS 140-2 consulting projects.”

James Kanell, Director, Program Management at Tollgrade Communications
Common Criteria Consulting

Common Criteria Certification and
FIPS 140-2 Validation Consulting

If you're an Information Technology hardware or software vendor and you want to market your products to the US Department of Defense or various Federal government security agencies, you will no doubt encounter the NSTISSP-11 policies required under the Federal Information Security Management Act (FISMA) Implementation Project.

Common Criteria Evaluation and Certification

Issued in 2003, these FISMA policies recognized that COTS (Commercial Off-the-Shelf) IT products often can meet the communications security equipment needs of DoD and Federal agencies and organizations. However, they require that such products be validated under the internationally recognized Common Criteria Certification (CCC) program scheme, which has been implemented in the US as the Common Criteria Evaluation and Validation Scheme (CCEVS) administered by the National Information Assurance Partnership (NIAP). In addition, the Ministries of Defence in the UK, Canada, Germany, France, Italy, Australia, the Netherlands, and other countries also require CCC validation for many IT products. 

FIPS 140-2 Encryption Validation

If your IT product utilizes any form of encryption, it will likely also require validation of its cryptographic module by NIST under the Federal Information Processing Standards security requirements (FIPS 140-2) before it can be considered for a Common Criteria evaluation by CCEVS in the US or by another nation's validation body.  We can help you with a NIST FIPS encryption validation project, including preparation of the necessary documents such as a Security Policy, Derived Test Requirements (DTR), Finite State Machine (FSM), and other required documentation to submit to your NVLAP test lab of choice in order to achieve FIPS 140-2 Validation.

Validation Testing and Documentation

If you're wondering how to meet these Common Criteria Certification or NIST FIPS 140-2 validation requirements and get your products through the rigorous documentation and testing that are required, NetGreen Consulting, Inc. can assist you. We've worked with a number of Test Labs, evaluators and validators, and have led successful projects to provide the documentation and test plans needed to obtain a Common Criteria Certificate or FIPS 140-2 Validation.

We also have connections with experienced companies that can help to get your products and services into US Federal agencies and DoD departments for evaluation and purchase.  You can leverage our association with companies such as FedCentric Technologies to help break through the bureaucratic red tape and obtain that profitable contract with a US government agency.

Previous successful Common Criteria Evaluation or NIST FIPS 140-2 Validation projects include: