Evaluation of Distributed Products in the CC Paradigm (A13c)
Distributed products evaluated under the Common Criteria paradigm have their own set of unique challenges. The Network Device iTC has supported distributed TOEs since the release of Network Device Collaborative Protection Profile (NDcPP) version 2.0. The NDcPP defines a distributed TOE as one that requires multiple distinct components to operate as a logical whole in order to fulfill security requirements. This presentation will discuss the NDcPP distributed TOE use cases and related security and assurance requirements. It will particularly focus on lessons learned from one such product evaluation and offer insight in how challenges in areas such as Security Management, Cryptographic Key Management and Audit were overcome.