UC APL

  1. Two Different Takes on SSH

    As we described in a previous blog entry, NIAP is attempting to standardize the requirements for SSH by creating an SSH EP that can be added to many different PP types. This should keep the requirements for SSH consistent across more evaluations and make it easier to incorporate updates to the standard into CC requirements. Read More…

  2. The SSH Extended Package

    Several weeks ago a new EP that adds SSH capabilities to the Application Software, General Purpose OS and Mobile Device Management PPs was released. Most of the SFRs and assurance activities in this EP should be familiar to anyone who has worked with previous PPs that had SSH requirements. What’s significant about this new EP Read More…

  3. San Bernardino, Paris, and the Implications for COTS Solutions Certification for Government Use

    By now, nearly everyone in the Western world has heard of the on-going campaign by many law enforcement and intelligence agencies to get legislation requiring technology vendors, and in particular manufacturers of mobile devices, to offer back doors and/or off-by-default encryption. While this battle seems to by cyclical, rearing its head every few years, the Read More…