International Technical Communities and Collaborative Protection Profiles
As international technical communities (iTCs) are formed to produce and maintain collaborative protection profiles (cPPs) in line with the CCMC Vision statement and the updated CCRA (not yet published but described in MC presentation) details of each will be provided below.
A CCDB Work Group is defining a generic process for establishing iTCs and creating cPPs and associated Supporting Documents through these iTCs. The process will be based on the prototype definition created by the CCDB Work Group for USB Portable Storage Devices:
- The latest released for review draft of the paper defining the iTC/cPP process can be found here iTC/cPP Process paper. This is the latest reviewed draft, but is not yet formally approved by the CCDB.
- The paper has been reviewed by various interested parties and the Work Group responses to comments can be found in the 'Disposition of Comments' and an associated FAQ.
The membership of an iTC brings together many skills and backgrounds needed for the creation of an effective cPP and its Supporting Documents. It is intended that the iTC will include at least:
- Developers (technical representatives, as subject matter experts are vital - marketing and/or CC specialists can take part and may be helpful at the start up meeting but success depends upon the continual interactions between the technical experts involved)
- Government experts (especially those versed in the threats associated with the technology and governmental use cases)
- Evaluators (able to contribute to the requirements and assurance activities, and to comment on the technical and cost effectiveness of proposed assurance activities)
The CCDB USB Working Group (WG) has created a draft rationale identifying a list of expected Supporting Documents relating to the specification and evaluation of cryptographic mechanisms in cPPs, and has submitted the rationale to the CCDB for their consideration. The WG has identified the following four documents to support cPP development: Cryptographic Definitions, Extended Security Functional Requirements for Cryptography in cPPs, Specification of Cryptography in cPPs, Verification of Cryptography in cPPs. Once CCMC and CCDB approval is obtained, these documents are expected to be used by many of the new iTCs and cPPs, as part of a harmonised multi-national approach to specifying and evaluating cryptographic requirements in cPPs.
The iTCs currently endorsed by the CCMC are:
The CCDB Working groups producing ESRs and creating/engaging iTCs are:
The cPPs and Supporting Documents being developed/maintained by each iTC will be indicated on the relevant iTC page.