DOCSLIB.ORG

UK Cyber Security Standards: Research Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

UK CYBER SECURITY STANDARDS Research Report November 2013 Survey conducted by Commissioned by: The Department for Business, Innovation and Skills (BIS) is building a dynamic and competitive UK economy by creating the conditions for business success; promoting innovation, enterprise and science; and giving everyone the skills and opportunities to succeed. To achieve this it will foster world-class universities and promote an open global economy. BIS - Investing in our future. For further information, see www.gov.uk/bis. Conducted by: PwC helps organisations and individuals create the value they’re looking for. We’re a network of firms in 158 countries with close to 169,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.co.uk. Our security practice, spanning across our global network, has more than 30 years’ experience, with over 200 cyber security professionals in the UK and 3,500 globally. Our integrated approach recognises the multi-faceted nature of cyber security and draws on specialists in process improvement, value management, change management, human resources, forensics, risk, and our own legal firm. The PwC team was led by Andrew Miller and Ben Emslie. We’d like to thank all those involved for their contribution to this research. 2 Foreword The Department for Business, Innovation and Skills (BIS) recognises the importance of cyber security to the UK economy. Without effective cyber security, we place our ability to do business and to protect valuable assets such as our intellectual property at unacceptable risk. A vital prerequisite for driving forward our collective maturity and confidence in this area is the timely availability of relevant and appropriate cyber security standards with which organisations can develop and demonstrate their cyber security abilities and credentials. BIS is therefore committed to collating information about cyber security standards and making it available publicly. As part of this initiative, BIS commissioned a research project into the availability and adoption of cyber security standards across the UK private sector. This report combines the responses to an extensive and wide-ranging online survey, the findings of a series of in-depth one-to-one interviews with a broad range of UK business leaders, and an analysis of the current cyber security standards landscape in order to provide an insight into the current levels of both supply and demand in this area. It also, and perhaps more importantly, aims to identify the prevailing motivators and constraining factors for organisation’s adoption of cyber security standards in order to inform the Government’s efforts in coordinating and ensuring the nation’s collective cyber security. David Willetts Minister for Universities and Science 3 Executive Summary internal controls and the procurement of new The number of standards relating to cyber products and services. Standards sometimes security in some form exceeds 1,000 supported these approaches but generally only publications globally. This makes for a complex indirectly. standards landscape. Despite the quality and general applicability of most individual of organisations implemented new standards, there was no comprehensive 48% policies to mitigate cyber security standard identified that provided a ‘one size fits risks all’ approach. Conversely the complex conducted cyber security risk landscape made it difficult for organisations to 43% assessments and impact analysis to identify the standards relevant to their quantify these risks organisation and business activities. of organisations investing in BYOD implemented a related standard of publications focus on organisational (covering security) to some level. 10% cyber security standards, adding This also showed a particular 67% complexity to this over-represented interest in this technology over section of the landscape others of publications focus on people cyber of organisations who purchased security standards, showing a clear certified products or services did so 3% 34% lack of representation and focus in purely to achieve compliance as an this area outcome of cyber security publications covered in this report were able to be defined An increase in products and services standards 56% as a ‘standard’ e.g. rather than a since 2005 suggests a trend in organisations framework or certification seeking externally provided security services and off the shelf products. Despite this of these publications were sector increase, the supply of standards fails to match 89% agnostic and therefore targeting the the levels of investment across the categories. general market Products Organisational The awareness of cyber security threats and % of standards the importance placed on them was generally 16% 67% relating to this high; but organisations mitigate cyber security V category risk differently depending on the size of the s % of organisations organisation and its sector. This affects the 69% 42% investing over £1k importance placed on the use of standards and p.a. in this category certification as an approach. of organisations believe people 25% standards to be ‘not important at all’ business priority for organisations is th 8 the safeguarding of information While many organisations implement cyber assets security standards to some degree, the majority was the average level of importance partially implement the controls deemed placed on cyber security certification 7/10 relevant and self-certify this compliance. Only a with 10/10 representing the highest small proportion invests in gaining external importance certification. of organisations plan an increase in 35% cyber security spending of organisations implement a 52% standard to some level Some organisations questioned the relevance of organisations invest in full of cyber security standards to directly mitigate 25% implementation of at least one their organisation’s cyber security risk. As a standard result they often focussed on establishing 4 of the 25% of organisations above barrier is that there appears to be no 1in4 that fully implement a standard 3rd discernible financial incentive to invested in external certification invest Organisations stated predominantly commercial The average current investment in cyber and business reasons for their lack of adoption security and cyber security standards was of cyber security standards and the investment generally low but many had plans for the future, in external certification. This suggests a showing a potential rise in future adoption. perceived lack of clarity surrounding the business case for cyber security standards. No of organisations invest less than 5% standard reviewed as part of this research 54% of their cyber security budget on incorporated a business case element. cyber security standards compliance of organisations plan to develop an main barrier to cyber security 34% Information Security Management 1st standards is that they are too System in the future expensive plan to achieve certification to a 39% most commonly stated barrier is the cyber-security standard in the future 2nd difficulty in calculating a return on investment 5 Table of Contents Research approach....................................................................................................................... 7 The cyber security standards landscape....................................................................................... 9 Adoption of cyber security standards by UK Industry ................................................................. 21 Annex A – Survey and Interview Approach and Demographics ................................................. 34 Annex B – High-Level Mapping Definitions and Dimensions ...................................................... 36 Annex C – High-Level Cyber Security Landscape (Tabulated)................................................... 49 Annex D – Detailed Mapping Definitions and Criteria ................................................................. 77 Annex E – Detailed Mapping....................................................................................................... 83 6 Background and purpose The standards landscape for cyber security is highly complex, with various Government and industry-led standards and schemes in existence and in development, domestically and internationally. Without a clear understanding of this landscape, and the current and potential uptake of standards, Government is unable to identify and develop evidence-based policies to close the gaps in the landscape or support the uptake of good standards for cyber security products and services. The purpose of this report is to inform the understanding of the cyber security standards landscape, and the current and potential uptake of standards in the UK. This has been achieved via research to identify what standards organisations have adopted, why they have chosen such an approach and how they have used these standards to support their organisation. Research approach In order to produce this report a number of research methods were applied. These included: 1. The identification of the prevalent cyber security standards in the UK, determined by the respondents and contributors to this research. 2. Gathering information on existing standards, and documenting their coverage and content. This was corroborated and enhanced by subsequent cross referencing with the information gathered in the steps below. 3. Engagement
Recommended publications
  • Validators Report

    Validators Report

    National Information Assurance Partnership ® TM Common Criteria Evaluation and Validation Scheme Validation Report IBM Global Security Kit (GSKit) 8.0.14 Report Number: CCEVS-VR-VID10394-2011 Dated: 2012-03-06 Version: 1.0 National Institute of Standards and Technology National Security Agency Information Technology Laboratory Information Assurance Directorate 100 Bureau Drive 9800 Savage Road STE 6740 Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6740 ACKNOWLEDGEMENTS Validation Team Jim Brosey Orion Security Fort Meade, Maryland Jandria S. Alexander Aerospace Fort Meade, Maryland Vicky Ashby The MITRE Corporation McLean, Virginia Evaluation Team Alejandro Masino, Trang Huynh, Courtney Cavness atsec Information Security Corporation Austin, Texas Table of Contents 1. EXECUTIVE SUMMARY ........................................................................................................................................ 4 2. IDENTIFICATION .................................................................................................................................................... 4 3. CLARIFICATION OF SCOPE ................................................................................................................................. 6 3.1. PHYSICAL SCOPE ................................................................................................................................................... 6 3.2. LOGICAL SCOPE ....................................................................................................................................................
  • Cen Workshop Agreement Cwa 14722-3

    Cen Workshop Agreement Cwa 14722-3

    CEN CWA 14722-3 WORKSHOP August 2004 AGREEMENT ICS 35.240.15 Supersedes CWA 14722-3:2004 English version Embedded financial transactional IC card reader (embedded FINREAD) - Part 3: Functional and Security Specifications This CEN Workshop Agreement has been drafted and approved by a Workshop of representatives of interested parties, the constitution of which is indicated in the foreword of this Workshop Agreement. The formal process followed by the Workshop in the development of this Workshop Agreement has been endorsed by the National Members of CEN but neither the National Members of CEN nor the CEN Management Centre can be held accountable for the technical content of this CEN Workshop Agreement or possible conflicts with standards or legislation. This CEN Workshop Agreement can in no way be held as being an official standard developed by CEN and its Members. This CEN Workshop Agreement is publicly available as a reference document from the CEN Members National Standard Bodies. CEN members are the national standards bodies of Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG Management Centre: rue de Stassart, 36 B-1050 Brussels © 2004 CEN All rights of exploitation in any form and by any means reserved worldwide
  • Part 3: Security Assurance Components

    Part 3: Security Assurance Components

    Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components September 2012 Version 3.1 Revision 4 CCMB-2012-09-003 Foreword This version of the Common Criteria for Information Technology Security Evaluation (CC v3.1) is the first major revision since being published as CC v2.3 in 2005. CC v3.1 aims to: eliminate redundant evaluation activities; reduce/eliminate activities that contribute little to the final assurance of a product; clarify CC terminology to reduce misunderstanding; restructure and refocus the evaluation activities to those areas where security assurance is gained; and add new CC requirements if needed. CC version 3.1 consists of the following parts: Part 1: Introduction and general model Part 2: Security functional components Part 3: Security assurance components Trademarks: UNIX is a registered trademark of The Open Group in the United States and other countries Windows is a registered trademark of Microsoft Corporation in the United States and other countries Page 2 of 233 Version 3.1 September 2012 Legal Notice: The governmental organisations listed below contributed to the development of this version of the Common Criteria for Information Technology Security Evaluation. As the joint holders of the copyright in the Common Criteria for Information Technology Security Evaluation, version 3.1 Parts 1 through 3 (called “CC 3.1”), they hereby grant non- exclusive license to ISO/IEC to use CC 3.1 in the continued development/maintenance of the ISO/IEC 15408 international standard. However, these governmental organisations retain the right to use, copy, distribute, translate or modify CC 3.1 as they see fit.
  • Completed Projects / Projets Terminés

    Completed Projects / Projets Terminés

    Completed Projects / Projets terminés New Standards — New Editions — Special Publications Please note that the following standards were developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and have been adopted by the Canadian Standards Association. These standards are available in PDF format only. CAN/CSA-ISO/IEC 2593:02, 4th edition Information Technology–Telecommunications and Information Exchange Between Systems–34-Pole DTE/DCE Interface Connector Mateability Dimensions and Contact Number Assignments (Adopted ISO/IEC 2593:2000).................................... $85 CAN/CSA-ISO/IEC 7811-2:02, 3rd edition Identification Cards–Recording Technique–Part 2: Magnetic Stripe–Low Coercivity (Adopted ISO/IEC 7811-2:2001) .................................................................................... $95 CAN/CSA-ISO/IEC 8208:02, 4th edition Information Technology–Data Communications–X.25 Packet Layer Protocol for Data Terminal Equipment (Adopted ISO/IEC 8208:2000) ............................................ $220 CAN/CSA-ISO/IEC 8802-3:02, 2nd edition Information Technology–Telecommunications and Information Exchange Between Systems–Local and Metropolitan Area Networks–Specific Requirements–Part 3: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer (Adopted ISO/IEC 8802-3:2000/IEEE Std 802.3, 2000) ................. $460 CAN/CSA-ISO/IEC 9798-1:02, 2nd edition Information Technology–Security Techniques–Entity Authentication–Part
  • Model Domene Kmetijskega Informacijskega Sistema, Utemeljenega Na Standardih | Domain Model of an Agricultural Information System Based on Standards | 51-67 | | 51 |

    Model Domene Kmetijskega Informacijskega Sistema, Utemeljenega Na Standardih | Domain Model of an Agricultural Information System Based on Standards | 51-67 | | 51 |

    G 2018 V GEODETSKI VESTNIK | letn. / Vol. 62 | št. / No. 1 | | 62/1 | MODEL DOMENE DOMAIN MODEL Of KMETIJSKEGA AN agricultural INfORMACIJSKEGA INfORMATION system SISTEMA, utemeljenega BASED ON standards NA standardih RECENZIRANI ČLANKI | PEER-REVIEWED ARTICLES Nikola Janković, Miro Govedarica, Gerhard Navratil, Paolo Fogliaroni UDK: 006:631:659.2:91 DOI: 10.15292/geodetski-vestnik.2018.01.51-67 Klasifikacija prispevka po COBISS.SI: 1.02 REVIEW ARTICLE Prispelo: 7. 7. 2017 Received: 7. 7. 2017 Sprejeto: 3. 1. 2018 Accepted: 3. 1. 2018 EN IZVLEČEK ABSTRACT SI | Za boljše upravljanje podatkov v kmetijstvu so vladne službe To better manage data in agriculture, governmental razvile geoinformacijske sisteme. Ti sistemi, ki praviloma services implement geoinformation systems. These systems temeljijo na sodobnih tehnologijah in standardih, se lahko may be used as an aid to calculation of subsidies, serve as uporabljajo predvsem kot pomoč pri določevanju kmetijskih means of control and as support in decision making while podpor, pri njihovem nadzoru ter kot podpora odločanju pri following the latest technologies and standards. One of the uresničevanju drugih nalog javnega sektorja. V okviru ene oldest policies of the EU, the Common Agricultural Policy, najstarejših politik Evropske unije, to je skupne kmetijske implements a system for agricultural subsidies along with politike, se je razvil sistem kmetijskih subvencij, z njim an information system to aid in enforcing it. This paper pa tudi sistem, ki pomeni pomembno podporo sistemu provides one design for an exhaustive geoinformation system kmetijskih subvencij. V članku predstavljamo razvoj in the Republic of Serbia and verification of the mentioned obširnega geoinformacijskega sistema Republike Srbije ter system with test data.
  • INCITS Withdrawn Standards and Projects List - Prior to 2015

    INCITS Withdrawn Standards and Projects List - Prior to 2015

    INCITS Withdrawn Standards and Projects List - Prior to 2015 Key: Designation: The final standard designation given to the published standard Project: The initial number assigned to new project prior to 2013. Title: Title of the standard Committee: The committee assignment for the project. Designation: -[] Project: 1058 Knowledge Information Format (KIF) Committee: INCITS/DM32.8 Designation: -[] Project: 1059 Conceptual Graphs: A presentation language for knowledge in conceptual models Committee: INCITS/DM32.8 Designation: -[] Project: 106 USA Candidates for Registry Committee: INCITS/L2 Designation: -[] Project: 2113 Cartridge Characterization Standard - Part 4: Ink Cartridge Attributes Committee: INCITS/W1 Designation: -[] Project: 2113 Cartridge Characterization Standard - Part 5: Toner cartridge attributes Committee: INCITS/W1 Designation: -[] Project: 2086 Document Printing Application - Part 1: Abstract Service Definition and Procedures Committee: INCITS/T3 Designation: -[] Project: 2087 Application session service Committee: INCITS/T3 Designation: -[] Project: 1234 Information technology - Database languages - SQL - Part 4: Persistent Stored Modules (SQL/PSM) TECHNICAL CORRIGENDUM 1 Committee: INCITS/DM32.2 Designation: -[] Project: 1234 Information technology - Database languages - SQL - Part 1: Framework (SQL/Framework) TECHNICAL CORRIGENDUM 1 Committee: INCITS/DM32.2 Designation: -[] Project: 2061 Protocol Combinations to Provide and Support the OSI Network Service (Technical Report Type 3) Committee: INCITS/T3 Designation:
  • Ccdb-2009-03-001

    Ccdb-2009-03-001

    Supporting Document Mandatory Technical Document Application of Attack Potential to Smartcards March 2009 Version 2.7 Revision 1 CCDB-2009-03-001 Foreword This is a supporting document, intended to complement the Common Criteria version 3 and the associated Common Evaluation Methodology for Information Technology Security Evaluation. Supporting documents may be “Guidance Documents”, that highlight specific approaches and application of the standard to areas where no mutual recognition of its application is required, and as such, are not of normative nature, or “Mandatory Technical Documents”, whose application is mandatory for evaluations whose scope is covered by that of the supporting document. The usage of the latter class is not only mandatory, but certificates issued as a result of their application are recognized under the CCRA. Technical Editor: BSI Document History: V2.7 March 2009 (technical update of rating categories and update on usage of open samples based upon corresponding JIL document version 2.7) V2.5 December 2007 (explicit statements added that the points for identification and exploitation have to be added at the end to achieve the final attack potential value, references updated) V2.3 April 2007 (evaluation time guideline and rules regarding the use of open samples added and updated for use with both CC version 2 and 3) V2.1 April 2006 (classification as mandatory technical document, several updates to the tables) V1.1, July 2002 (draft indicator deleted, references updated, same content as V1.0) General purpose: The security properties of both hardware and software products can be certified in accordance with CC. To have a common understanding and to ensure that CC is used for hardware integrated circuits in a manner consistent with today’s state of the art hardware evaluations, the following chapters provide guidance on the individual aspects of the CC assurance work packages in addition to the Common Evaluation Methodology [CEM].
  • Microsoft Windows Common Criteria Evaluation Security Target

    Microsoft Windows Common Criteria Evaluation Security Target

    Windows 10, Server 2012 R2 Security Target Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 Microsoft Windows Server 2012 R2 Security Target Document Information Version Number 1 Updated On March 17, 2016 Microsoft © 2016 Page 1 of 97 Windows 10, Server 2012 R2 Security Target This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious.
  • Validators Report

    Validators Report

    National Information Assurance Partnership ® TM Common Criteria Evaluation and Validation Scheme Validation Report SGI Red Hat Enterprise Linux Version 5.1 Report Number: CCEVS-VR-VID10286-2008 Dated: 2008-04-21 Version: 1.0 National Institute of Standards and Technology National Security Agency Information Technology Laboratory Information Assurance Directorate 100 Bureau Drive 9800 Savage Road STE 6740 Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6740 ACKNOWLEDGEMENTS Validation Team The Aerospace Corporation Columbia, MD Noblis Falls Church, VA atsec Information Security Corporation Austin, TX Table of Contents 1. EXECUTIVE SUMMARY ........................................................................................................................................4 2. IDENTIFICATION ....................................................................................................................................................5 3. SECURITY POLICY .................................................................................................................................................6 3.1. I&A.......................................................................................................................................................................6 3.2. AUDITING ..............................................................................................................................................................6 3.3. DISCRETIONARY ACCESS CONTROL ......................................................................................................................7
  • Review on Common Criteria As a Secure Software Development Model

    Review on Common Criteria As a Secure Software Development Model

    International Journal of Computer Science & Information Technology (IJCSIT) Vol 4, No 2, April 2012 REVIEW ON COMMON CRITERIA AS A SECURE SOFTWARE DEVELOPMENT MODEL Mehmet Kara 1 1TUBITAK BILGEM UEKAE, Kocaeli, Turkey [email protected] ABSTRACT Standards, models, frameworks and guidelines have been developed for secure software development such as such as Common Criteria, SSE-CMM, Microsoft SDL, OpenSAMM. Current standards and models provide guidance for particular areas such as threat modelling, risk management, secure coding, security testing, verification, patch management, configuration management etc. But there is not a generally accepted model for a secure software development lifecycle. Common Criteria provides objective evaluation methodology to validate that a product satisfies a specified set of security requirements. In this paper Common Criteria secure software development approach is examined and compared with other well known standards and models. KEYWORDS Common Criteria, Secure Software Development, Vulnerability, Confidentiality, Integrity, Availability. 1. INTRODUCTION Software applications are increasingly ubiquitous, heterogeneous, mission-critical and vulnerable to security incidents, so that it is absolutely vital that information systems are properly ensured from the very beginning, due to the potential losses faced by organizations that put their trust in all these information systems and because it is cost-effective and also brings about more robust designs. Therefore, security is among the non-functional requirements which are more seriously taken into account nowadays [1]. Software development process has been continuing for a long time. Characteristic of the first software projects was missed schedules, blown budget, and flawed products. But when we looked to the past there wasn’t a magic solution, a single development, in either technology or management technique, promises magnitude improvement in productivity, in reliability, in simplicity [15].
  • Section 8A: Technical Specifications Table

    Section 8A: Technical Specifications Table

    SECTION 8A: TECHNICAL SPECIFICATIONS TABLE OF CONTENTS SECTION NUMBER TITLE DIVISION 1 GENERAL REQUIREMENTS 01001 Standard Drawings, Standard Specifications and Approved Materials List 01002 Contractor’s Insurance Certification and Pollution Liability Insurance 01005 Coordination with Design Engineer and Agency 01010 Summary of Work 01025 Measurement and Payment 01039 Coordination and Meetings 01043 Coordination with Agency’s Operations 01047 Connections to Existing Facilities 01060 Permits and Other Regulatory Requirements 01090 Reference Standards 01170 Special Technical Provisions 01300 Record Drawings and Submittals 01310 Construction Progress Schedules 01370 Schedule of Values 01380 Pre-Construction Video Recording and Photographs 01400 Quality Control 01410 Testing Laboratory Services 01500 Construction Facilities and Temporary Controls 01545 Protection of Work and Property 01570 Traffic Regulations 01600 Materials and Equipment 01630 Product Options and Substitutions 01700 Project Closeout 01710 Clean-up 01734 Operating and Maintenance Information 01760 Spare Parts and Maintenance Materials DIVISION 2 SITEWORK 02010 Subsurface Investigation 02050 Demolition and Removal 02055 Removal and Disposal of Polychlorinated Biphenyls (PCBs) 02130 Removal and Resurfacing of Pavement 02160 Excavation Support Systems 02200 Earthwork CITY OF OCEANSIDE TOC - 1 HENIE HILLS & J.P. STEIGER RESERVOIR REPAIRS SPECIFICATION TABLE OF CONTENTS 908754600712 October 2020 TABLE OF CONTENTS (Continued) SECTION NUMBER TITLE 02205 Existing Utilities 02222
  • 523 Lss 2020 Common Criteria Certification Report Ricoh

    523 Lss 2020 Common Criteria Certification Report Ricoh

    UNCLASSIFIED COMMON CRITERIA CERTIFICATION REPORT RICOH Pro C5300S/C5310S, v.JE-1.00-H 21 December 2020 523 LSS 2020 UNCLASSIFIED TLP:WHITE FOREWORD This certification report is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security Establishment (CSE). The Information Technology (IT) product identified in this certification report, and its associated certificate, has been evaluated at an approved evaluation facility established under the Canadian Centre for Cyber Security (CCCS). This certification report, and its associated certificate, applies only to the identified version and release of the product in its evaluated configuration. The evaluation has been conducted in accordance with the provisions of the Canadian CC Scheme, and the conclusions of the evaluation facility in the evaluation report are consistent with the evidence adduced. This report, and its associated certificate, are not an endorsement of the IT product by Canadian Centre for Cyber Security, or any other organization that recognizes or gives effect to this report, and its associated certificate, and no warranty for the IT product by the Canadian Centre for Cyber Security, or any other organization that recognizes or gives effect to this report, and its associated certificate, is either expressed or implied. If your department has identified a requirement for this certification report based on business needs and would like more detailed information, please contact: Contact Centre and Information Services [email protected] | 1-833-CYBER-88 (1-833-292-3788) 2 UNCLASSIFIED TLP:WHITE OVERVIEW The Canadian Common Criteria Scheme provides a third-party evaluation service for determining the trustworthiness of Information Technology (IT) security products.