ABSTRACT

The Common Criteria (CC) standard, methodology, and user community are young and as a result dynamic. The CC Implementation Management Board (CCIMB) had the foresight to put into place a priori a formal process to facilitate the evolution of the standard and methodology so it could stay current with the continual rapid advances in information technology. During the development of this book, three CC/CEM supplements were issued (one final, two drafts), and two new countries signed the Common Criteria Recognition Agreement (CCRA). In the United States, one CCTL was added and one CCTL was deleted from the list of accredited laboratories, and one Final Interpretation was issued. This chapter explores emerging concepts and planned events within the CC/CEM, to help the reader stay abreast of new developments. These concepts, which are under discussion within the CC user community, have not yet been formally incorporated into the standard or methodology but are likely to be so in the near future. Specifically, developments related to the following topics are discussed:

ASE: Security Target Evaluation

AVA: Vulnerability Analysis and Penetration Testing

Schedules for new CC standards (ISO/IEC and CCIMB)

In May 2002, the Common Criteria Implementation Management Board (CCIMB) issued a draft ASE CEM supplement for public comment and review. This supplement incorporates lessons learned to date from security target evaluations. When approved, the changes proposed in the supplement will be incorporated into the CEM and Part 3 of the CC; CC Part 1 Annex B and C will be deleted, as will CC Part 3 Chapter 3. Similar changes may ripple through APE as well. In summary, the supplement proposes reorganizing and rescoping some ASE families:

ASE_INT — This family will absorb the information (content and presentation of evidence) currently required by ASE_DES.