At its most basic definition, trusted computing involves making computing and communication systems available, controllable, and secure. These related requirements become more complex when taking into account the extremely dynamic environment of the battlefield. Nevertheless, our military personnel and support need technology they can rely on no matter the situation.
The constant evolution of trusted computing standards sometimes confuses technology professionals working in the defense industry. A host of American and international standards bodies are involved in the creation of these standards. Let’s look more closely at the process.
Performing Security Accreditation for Computing Equipment
A variety of international agencies handle security accreditation for technology used in military applications. In addition to these international standards, some countries have their own trusted computing bodies. An agreement, known as the National Information Assurance Partnership (NIAP), identifies various Common Criteria schemes and protection profiles to make getting accredited in multiple countries a more efficient process.
Technology manufacturers hoping for a trusted computing certification submit a Security Target document identifying the cybersecurity protection around certain functional areas of their embedded systems product. These can include hard drive management, key encryption, and cryptographically verifiable executable code.
For example, when presented with a new military technology product, the UK’s Ministry of Defence issues a Security Aspects Letter. The country’s National Cyber Security Centre conducts an initial analysis of the product and performs a full assessment for products in the highest security grade, while farming out less critical evaluations to other licensed facilities.
NATO Nations Share Common Criteria for Trusted Computing Accreditation
Nations currently in the NATO alliance share standards for accrediting cryptographic products. The NATO Communications and Information Agency Cyber Security (NCI) maintain a catalog of trusted computing products. Input to the process is provided by a security authority of each member nation.
NCI also identifies common C4ISR capabilities, while also maintaining the collaborative protection profiles used in the Common Criteria definitions for the NATO alliance. Once again, this streamlines the process of earning a trusted computing designation for a relevant technology product in multiple NATO member nations.
Ultimately, any time your organization brings a new product into the defense market, the cornucopia of international trusted computing standards remains an important part of the process. Identify how Common Criteria gets shared among multiple countries to help streamline your approval efforts.
When your organization needs advice on serving the government and defense IT market, partner with the experts at Entrust Solutions. A veteran-owned business, we provide the expertise to help ensure a successful project outcome. Schedule some time with us soon.