Gossamer is an accredited Common Criteria Testing Laboratory (https://www.niap-ccevs.org/Big_Picture/cctls.cfm) founded by world renowned experts in the field of commercial product evaluation with extensive experience in consulting and evaluations using the Common Criteria and its predecessors. Using our vast experience, we can lead the way to a cost effective and timely evaluation.
Initial Assessments
The evaluation process can be complicated and resource intensive. We can work with you to assess the best course for a Common Criteria evaluation of your product. We will help identify applicable requirements (e.g., Protection Profiles), review the readiness of the product to satisfy the requirements, explain the evaluation process, and estimate the time and effort required to complete an evaluation.
Security Target Development
Security Targets are required for every Common Criteria evaluation. These documents serve to identify the product to be evaluated as well as to identify the specific security claims (i.e., requirements) against which the product will be evaluated. We are experts at composing Security Targets suitable for evaluation and will not only work with you to create the right Security Target for your product, but will maintain that Security Target throughout the evaluation life-cycle.
Entropy Analysis Support
Many currently existing and evolving government Protection Profiles require an assessment demonstrating that cryptographic functions are supported with adequate entropy sources. We can work with you to explain the requirements and to guide, assist, or even develop the required design description and associated entropy justification.
Evaluation and Testing
In order to evaluate products using the Common Criteria, an independent and accredited evaluation team must evaluate the Security Target, the user and administrator guidance for the product, and finally the product itself through hands-on testing. We have extensive experience performing evaluations and will work with you to get the job done while minimizing impacts on your developers. Ultimately, the evaluation results must be approved by a government oversight body and we will also work with them to make that process as smooth as possible to get your Common Criteria evaluation certificate.
Assurance Continuity
While getting a Common Criteria evaluation certificate is a major milestone, you will want to keep your certificate up-to-date to avoid costly re-evaluation where possible. We can work with you to guide or to perform the required analysis and to produce the required documentation in order to keep your certification current.
Evaluation Consulting Support
While our Common Criteria Testing Laboratory is accredited to perform Common Criteria evaluations in order to produce government sanctioned evaluation certificates, we offer additional support as may be needed. Beyond creating Security Targets, we offer specialized training and help with the development of required user and administrative guidance materials.
Gossamer is the lead producer of Common Criteria evaluation certificates in the United States