Mobile solutions from Microsoft and Blackberry have received the fastest common criteria security accreditations in the Department of Defence's history.
The latest Blackberry and Windows Mobile Platforms received accreditation after a record year-long assessment to meet the Defence Signals Directorate's (DSD's) Common Criteria certification.
Speaking at the 2008 ID and Access Management Summit in Sydney, DSD assistant secretary for information security Robert Campbell said the record speed was achieved because the vendors worked closely with the DSD and put their products through extensive security testing.
"Security flaws slow down evaluation because the product solutions have to be sent back to be fixed," Campbell said.
"[Vendors] should work as closely as possible with the DSD and the laboratories assessing the product to get accreditation as soon as possible."
Campbell said Microsoft and Blackberry were quick to rectify security flaws and sought technical support from the DSD.
He urged vendors to submit products only after rigorous testing and recommended submitting through the lowest appropriate accreditation level to speed-up review.
Perth-based software company Secure System achieved top secret accreditation for its Silicon Disk Encryption product and won a contract with the Department of Defence, after it redesigned the product under close guidance from the DSD.
Consumer guidelines have been added to the Common Criteria to simplify the technical target lists that explain why products have been accredited.
The guidelines show consumers which element of solutions have been accredited, since uncertified solutions can be listed under the criteria's accredited product lists by passing only one component through the evaluation process.
"A VPN and firewall can be passed and listed on the product lists by evaluating the firewall alone," Campbell said.
Wireless technology and converged communications have been added to the ACSI 33 assessment lists; however, accreditation of biometric technology has been stymied by uncertainty and flaws.
Campbell said the technology will be more suited to the common criteria list once it is better understood by the DSD.
Most of the few biometric tools assessed by separate internal methodologies were passed only after arduous security updates or entire rebuilds. A single camera iris scanner was rejected after the DSD discovered users could breach identities by tilting their heads.
Biometric products are assessed for database security, integrity of hash lists, and biometric templates.
Campbell said the DSD security manual, ACSI 33, follows principle rather than rule, and urged industry to submit recommendations for its assessment criteria.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Fortinet November Threatscape Report Shows Calm Before Holiday Storm 2008-12-05 16:00:00+11
Epicor® Cited as an Order Management Solutions Leader by Independent Research Firm 2008-12-05 15:52:00+11
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
Data grids and service-oriented architecture
When choosing an SOA strategy, corporations must ensure data availability, reliability, performance and scalability. A data grid infrastructure, built with clustered caching provides a framework for improved data access that can create a competitive edge and sustain customer loyalty. Read on to discover how this can be created within your organisation.
Buying Guides
Latest Products
Buying Guides
