Dedicated Security Components

CCDB iTC Liaison:  US

Introduction and Status

The CCDB has established a Work Group to assist in creating an iTC (and hence cPPs) for Dedicated Security Component (the Work Group name is abbreviated to "DSC WG"). The Work Group comprises participants from 2 nations, at present: The UK and the US.

The invitation notice for joining the candidate iTC, with contact details, can be found here: iTC invitation letter.

To join the iTC, please message: iTC-DSC@niap-ccevs.org.

DSC cPP v1.0 (Candidate)

  • Public Review for DSC cPP v1.0 Candidate closed - June 14, 2019
  • iTC adjudicated all feedback received on published candidate - Sept 2019
  • iTC decided not to do another round of feedback for the v1.0 — will begin with “Parking Lot” items for next revision
  • iTC Refined and structurally adjusted the cPP to better address feedback

DSC SD (in Progress)

  • Updated existing SD Coverage to align with changes made to cPP candidate
  • Identified leads for most remaining work, but calling for more engagement from iTC
  • Multiple Sessions Scheduled at upcoming CCUF workshop in Singapore to continue work

iTC Activity

  • Reviewing, comparing, and collaborating with OTHER iTCs / PPs (GP, FIDO, BSI (CSP PP), etc.)
  • Planning setup of an DSC Interpretations Team to be in place prior to release of DSC cPP / SD

Draft DSC cPP Released for Public Review

The vendor led DSC iTC is pleased to announce the public review of the DSC cPP v1.0 (Candidate).

The DSC iTC is calling for review and comments to be submitted within the next 6 weeks —public review will close on 14 June 2019. We request that all submissions be sent using the Comment Matrix document linked below and changing its name to “DSC-1.0-Candidate-Comments-<Org>-<FirstName LastInitial>” with your organization name, first name, and last initial. An example would be “DSC-1.0-Candidate-Comments-MyCompany-JohnD”. Completed comment forms should be e-mailed to iTC-DSC-Tech-Editors@niap-ccevs.org by 14 June 2019. Submitted comments will be consolidated and adjudicated by the DSC iTC Tech Writers group.

The DSC iTC has chosen to release this initial DSC cPP now which meets and exceeds the defined Use Case #1 while continuing development and incorporating more comprehensive coverage for the additional Use Cases defined within the document. The iTC will continue to drive for maturing and advancing the cPP / SD to properly cover the extensive technology represented within the iTC that now exceeds 115 members and representatives from eight schemes.

Currently, the required Supporting Document (SD) containing the Evaluation Activity is under ongoing development by the DSC iTC Tech Writers. It will be updated to align with any adjudicated changes to the DSC cPP and will be available for public review following its completion and DSC iTC Approval.

Security Problem Definition (SPD)

The DSC iTC has released the draft Capabilities, Assumptions and Threats document for public review.  The public review will close on Tuesday, 17 January 2017.  All feedback should be submitted by this date using this review template.  Completed review forms should be e-mailed to iTC-DSC-Tech-Editors@niap-ccevs.org

Initial Essential Security Requirements (ESR) and Position Statements

Essential Security Requirements

The working group has produced an Essential Security Requirements document for Dedicated Security Component. The ESR represents the common needs of the WG members in the technology area. The document can be found here: Essential Security Requirements.

Information about Dedicated Security Component cPP Position Statements can be found here: Position Statements.