Labgram #40, Valgram #62, Revised Crypto Policy
Policy 9 was issued in June of 2005 as a temporary measure to clarify the CCEVS documentation needed when a Common Criteria evaluation contains crypto. The attached two documents are aimed at building upon Policy 9 and are to be used by the CCTLs as described below.
“Specifying Requirements in Security Targets” addresses how cryptographic protocols are to be specified in Security Targets. “Evaluation of Cryptographic Protocols and Implementation" provides guidance on how cryptographic protocols are to be evaluated in accordance with CCEVS expectations. By 22 January 2007 each CCTL must select a current evaluation containing cryptography on which to apply these documents. Between 22 January and 31 May 2007, the CCTLs will collect and provide CCEVS with feedback regarding the guidance documents.
During this four month trial-use period, please submit your comments and observations regarding the documents to Dave Dignan (firstname.lastname@example.org) at CCEVS. Upon completion of the four-month trial-use period, the documents will be updated and the documents will be posted as policy on this CCEVS web site.
CCEVS Validators: Please become familiar with these documents and reference them as needed for your evaluations containing cryptography.