Enterprise Security Management Protection Profiles: An Implementation Plan
Brickman, J
CA Inc., Framingham, MA USA
Winterton, E
Booz | Allen | Hamilton Linthicum, MD USA
At the 9th ICCC, Eric Winterton and I presented a proposal to create a family of Protection Profiles (PPs) covering Enterprise Security Management (ESM). Our proposal called for starting with a base PP using minimal requirements and building upon those functions for more complex functionality. We would use some existing PPs and Security Targets as templates. The ultimate plan was to create a new family of PPs for ESM. They would cover multiple Evaluation Assurance Levels for various needs of customers and vendors.
We have built a working group consisting of Booz Allen and most of the vendors who have ESM products, with full NIAP support. In this talk, Mr. Brickman and Mr. Winterton will take the proposal down to the next level. We’ll walk through the various product types and their functions. We’ll describe the authoring and vetting process as well as the roll-out plan. Finally, we will tie this proposal into NIAP’s strategy going forward. This new family of Protection Profiles would be used throughout industry, including the U.S. Government DoD, IC, and Civil U.S. Markets. An outline of the process and strategy for collaboration with interested customer nations and vendors to create these Protection Profiles will be provided. Booz Allen Hamilton and the ESM vendor community are committed to devoting resources to make this proposed effort a success.
Organization: CA & Booz Allen Hamilton
BIO (1): Eric Winterton, CISSP, has over 21 years of direct experience in information assurance systems, security engineering, and security product testing. Mr. Winterton has been performing IA product assessments for the past 11 years and has performed as the Common Criteria Technical Director for the Booz Allen Hamilton CC lab for the past 5 years. He holds an undergraduate degree in computer science and a Master's Degree from Johns Hopkins University.
BIO (2): Joshua Brickman, Federal Certifications Program Manager at CA Inc., has led his company through the successful evaluation of seven products through NIAP’s scheme of Common Criteria over the last three years. Prior to CA, Mr. Brickman worked in Program and Project Management at several software companies, including PeopleSoft and Ceridian. He holds an undergraduate degree from Emerson College and a Master's in Management from Lesley College.
Title of Paper: Enterprise Management Solutions Protection Profiles: An Implementation Plan