The use of different automation tools in Common Criteria is a reality. In recent years, it has been demonstrated that the capacity to take on a large number of Common Criteria evaluations, both by laboratories and by the Certification Bodies, is limited. The automation of certain processes through the use of tools created specifically for this purpose is seen as the only possible way to speed up the process, both in terms of time and workload. How will the use of tools affect the immediate future of the different stakeholders in Common Criteria? Will automation lead to an increase in the number of certifications and the possibility that more companies will be able to become certified?
Is Automation Necessary for the CC Survival?
1. ❑ José Ruiz
Co-Director at jtsec Beyond IT Security
❑ Kevin Gallicchio
Technical Leader, NIAP
MODERATOR
PANELISTS
❑ Lachlan Turner
Director Consulting, Lightship Security
❑ Alexander Krumeich
Head of Certification/Senior Software Developer, CGM
❑ Pascal Van Gimst
Vice President Global Services Sales and Business Development, Riscure
4. ❑ Alexander Krumeich
• Job Software Developer, Certification Specialist
• Company CompuGroup Medical Deutschland
• CC EAL 3+ for KoCoBox MED+ since 2015
• Background Java, Unix, LaTeX, DevOps
• Automation Project Developing n-doc
CGM Deutschland AG, Cologne, Germany
5.
• In development since 2017
• Deployed in customer and in-house projects
• Published in 2020 as Open Source Software under MIT license
• High-quality, hyperlinked PDF documents
• Adaptable to different certification schemes
6. n-doc: Key features
TOE model in a relational database
as typesetting tool
Best practices of software engineering
7. Continuous Delivery of Documents
Authors/Editors
• edit document sources
• use tools in Docker container
git (GitLab)
• provides version control
• enables collaboration
Jenkins
• runs LaTeX
• creates PDF
• generates static web site for Intranet
nextCloud
• Document Handover to Lab
Automation
8. Pain Points (Developer Perspective)
=> CC can learn a lot from software engineering: automation comes naturally to software engineers
=> Automation not only saves time but ensures reliability: fewer manual, error-prone tasks
Insufficient/incompatible tooling mandated by enterprise policies and ALC
• ALC restrictions prevent using cloud-based tools such as bug trackers
• Office documents are sent by email, all processing is manual
• Developers/Labs/CABs rely on decades-old, outdated Office templates
• Software developers are not necessarily familiar with Office tools