Careers & Certifications

03:00 AM
Connect Directly
RSS
E-Mail
50%
50%

Certification Security Blanket

Instead of relying on a brief product demo or trial, check out the product's security certifications.

Not all product certifications are equal, however. Their usefulness depends on the purpose of the certification. You need to understand whether the testing was for functional or implementation purposes, the context of the test and the scope of the results. Most product certifications focus on functional testing--not a feature-by-feature comparison scoring one product over another. The functional tests determine whether a product meets the certification criteria.

The main certifications for security products are the Common Criteria, Federal Information Processing Standard 140-2 (FIPS-140-2) Security Requirements for Cryptographic Modules, and ICSA Labs. Security consultancy Neohapsis--and a Network Computing lab partner--sponsors the Open Security Evaluation Criteria (OSEC), which takes a community-peer-review approach to certification with input from vendors and users.

These certifications complement one another, but if you're a government agency or contractor, you should use the CC and FIPS-140-2 certifications.

Know Your Needs

To get the most out of certifications, you must know your organization's security requirements. These should be stated in a security policy or request for proposal. With such a document in hand, you can easily compare the certification's functionality tests against your needs. It also helps to understand the certification terminology. Common Criteria provides language for building a protection profile (PP), which states your requirements.

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Hot Topics
3
Cisco DevNet Focuses On Developers
Marcia Savage, Managing Editor, Network Computing,  7/21/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
Video
Slideshows
Twitter Feed