The CC certification is an internationally recognized scheme in which through independent, third party verification of the product development processes a specific level of assurance is given to a potential customer about how the product has been produced, tested, shipped and technically supported. The levels of assurance range from EAL1 through EAL7, with EAL4 being the highest internationally recognized level of assurance.
During the CC certification process, not only the functionality of the product under evaluation itself is reviewed, inspected and independently tested, but also the processes by which the product is created, tested, maintained, and delivered to the customers are closely inspected in order to provide assurance across the board on the product and boost the potential customers' confidence in such product.
The certification of a product at a specific revision in reality only provides assurance about the product and processes at that point during the development life cycle of the product. This is problematic for vendors and customers alike since software products continually go through enhancements and bug fixes in order to maintain that high level of assurance the certification provides.
The AMA scheme allows vendors to continue maintaining new revisions of their evaluated products at the same level of assurance as originally certified by following post evaluation activities that maintain the certified processes, control the changes made to the products, analyze and document each change, ensure the same level of testing occurs and that potential vulnerabilities are actively sought and resolved. This is accomplished by establishing an internal watchdog function that not only ensures all changes made to the evaluated product are compliant with security certification requirements, but also ensures that processes that were certified continue to be followed.
It is imperative for customers to recognize the significance of AMA on software products. Unless the certified product undergoes the ongoing process of AMA, there is no guarantee that subsequent versions of the product meet the same requirements and for the customer base it does not make much sense to buy an old revision of a product that has already been surpassed with modifications and perhaps bug fixes and vulnerability resolutions past the point of certification.
In short, certification of a product without the backing of AMA is an assurance that is given on a snapshot of the product at a specific revision and not an ongoing, forward looking assurance that the product although undergoing modifications, is still being developed under the same standards that earned its certification in the first place.
Soheila Amiri, Security Certification Manager, CyberGuard Corporation is speaking at ISSE/ICCC.