The Common Criteria may be one of the best kept secrets of the computer security world. It was designed to provide customers assurances that the products they purchase have met a level of security. It is an international standard ISO 15408, but its arcane nature and complex process have been adopted primarily by governments. Commercial product vendors wishing to sell IT product to these governments are faced with learning this exotic language and navigating its labyrinthian evaluation process. This book provides practical guidance based on years of real-world experience to vendors brave enough to venture into this realm. Learn how to: - Interpret the Common Criteria language and requirements - Prepare for and navigate through the product evaluation process - Create effective evidence documentation - Avoid the pitfalls that waste time and money - Follow the best practices from the experts This book is a "must read" for anyone who needs to execute successful, efficient, cost-effective Common Criteria product security evaluations.

We all transmit and store sensitive and confidential electronic data in our everyday lives. Consumers send their credit card numbers across the Internet to make online purchases. Corporations store financial and medical information. This data must be protected and encryption (or cryptographic technologies) is the last line of defense against unauthorized access to this precious information. The Federal Information Processing Standard 140 (FIPS 140) is an internationally-recognized standard for assessing and validating that the cryptographic technologies used in our computer systems and networks are secure. The FIPS 140 validation process can be confusing and mystifying to the uninitiated. FIPS 140 Demystified: An Introductory Guide for Developers is the first book to unravel the complexities and intricacies of this product testing process. In this book, the reader will learn: What the FIPS 140 standards cover How much the testing process costs in terms of hours and money Who needs to be involved in the process What practices help ensure a successful validation How examples demonstrate real-world situations and solutions What the issues are with FIPS 140 What the future holds for FIPS 140 Leveraging the experience of many FIPS 140 validation projects, the authors have gathered valuable lessons learned to produce this book. It removes the clouds of uncertainty about the validation process and shines a light on the best practices to follow on the path toward success. FIPS 140 Demystified: An Introductory Guide for Developers is an essential tool to help product developers understand the complex FIPS 140 security requirements and how to complete a successful validation project.