Successful Common Criteria Evaluations
A Practical Guide for Vendors
 | Training Session at the 12th International Common Criteria Conference Monday, September 26, 2011 Kuala Lumpur, Malaysia |
Based on the book entitled,Successful Common Criteria Evaluations: A Practical Guide for Vendors, Wes Higaki, Director of Certifications Strategy at Apex Assurance Group and former Director of Product Certifications at Symantec Corporation, will lead a one-day training session for product vendors who need to execute successful, efficient, cost-effective Common Criteria (CC) product security evaluations. This training session is primarily designed for product developers faced with their first CC evaluation - to help him/her avoid the pitfalls that might lead to an expensive, unsuccessful evaluation; however, more experienced vendors may benefit from the lessons learned through his many experiences across a wide variety of products, governments, evaluation labs, and consultants.
Leveraging his experience with numerous evaluations while at Symantec as well as knowledge gained while serving as the chairman for the Common Criteria Vendors' Forum, Wes has developed this course to address many of the key concerns for product developers. Wes has the unique perspective as both a student of the CC and as a commercial product developer. In this course learn how to:
- Interpret the Common Criteria language and requirements
- Prepare for and navigate through the product evaluation process
- Create effective evidence documentation
- Avoid the pitfalls that waste time and money
- Follow the best practices from the experts
Attendees to this training session will receive an electronic copy of the book Successful Common Criteria Evaluations: A Practical Guide for Vendors. Hardcopy versions of the book are available through Amazon.com.
About the Instructor
Wes Higaki is the Director of Certifications Strategy at Apex Assurance Group. Prior to joining Apex, Wes was the Director of Product Certifications and Software Assurance for Symantec Corporation. He oversaw all of the company's Common Criteria, FIPS-140 certifications and ICSA testing. Wes also managed the team responsible for the secure development of software products including managing the company's internal secure software development and test training, threat modeling and penetration testing. He served as a company spokesman addressing software assurance issues and has been an invited speaker at several conferences.
He is the co-founder and former chairman of the Common Criteria Vendors' Forum (CCVF), an informal group of vendors dealing with Common Criteria evaluation issues and is the author and publisher of the book "Successful Common Criteria Evaluations: A Practical Guide for Vendors".
He led a working group through the National Cyber Security Partnership to develop plans to improve the Common Criteria by working with Industry and Government. He co-led the Product Certifications Working Group in the International Technology Association of America (ITAA - now TechAmerica). He represented Symantec on the SAFECode technical committee and the Computer Security Industry Alliance (CSIA - now part of TechAmerica).
Wes has over 30 years of technical and managerial experience in the software industry and received a Bachelor of Science degree in mathematics from the University of California, Davis and a Master of Science degree in computer science from the University of Santa Clara.
Tentative Agenda
| Time | Module/Agenda |
| 09:00 - 09:30 | Module 1: Introduction and Agenda Review |
| 09:30 - 10:30 | Module 2: Introduction to Common Criteria |
| 10:30 - 11:00 | Break |
| 11:00 - 12:00 | Module 3: Planning and Preparation |
| 12:00 - 13:00 | Lunch |
| 13:00 - 14:00 | Module 4: Security Target |
| 14:00 - 14:30 | Break |
| 14:30 - 15:30 | Module 5: Evidence Documentation |
| 15:30 - 16:00 | Break |
| 16:00 - 17:00 | Module 6: CC In the Real-World |
| 17:00 - 17:30 | Module 7: Conclusions |
