Certification & Accreditation Frameworks & Standards
In order to protect our information networks, a trusted software supply chain that produces trustworthy products is essential. Certification, which consists of a formal security evaluation by an independent and accredited body against a pre-defined set of criteria standards that when successful results in a certificate of conformance, can provide a partial solution to this need. Unfortunately the officially certified products on the market can only cover a small part of all the functionalities that are needed in our military corporate and operational networks.
Therefore we need to develop a capability that enables us to selectively evaluate possible non-certified candidate products that we consider installing in our IT environment, to determine whether they can be trusted with an appropriate level of assurance and if so in which configuration, in order to approve them for operational use.