Monthly Archives: April, 2016

  1. FPT_W^X_EXT.1 – A Rundown

    Lately, there has been a lot of discussion in the Operating System iTC around an objective SFR in the current revisions of the protection profile, entitled FPT_W^X_EXT.1. The SFR is part of a set which are intended to address the O.INTEGRITY security objective for the OSPP.  While some of the discussion has been around what Read More…

  2. Updates to the OSPP

    In the beginning of March an updated version of the Protection Profile for General Purpose Operating Systems was released. This brings the OSPP up to version 4.1, with version 4.0 now having a sunset date of September 9, 2016. The changes to this version of the PP are relatively modest and all of them affect Read More…

  3. Vulnerability Analysis and Common Criteria

    With the advent of collaborative Protection Profiles (e.g., the NDcPP), a greater emphasis has been given to the vulnerability analysis requirements required as part of a product evaluation. Vulnerability analysis is a subset of risk management that involves looking at the system elements and layout and their failure modes based on a given set of Read More…