atsec与BlueSpace合作开展Trusted Client Framework的CC评估

2008-03-27

Austin, TX - Austin-based IT company BlueSpace has chosen atsec information security as their partner for the future Common Criteria evaluation of the Trusted Client Framework. With the support of atsec who have a reputation for on time delivery and providing high quality service especially for complex and high assurance evaluations, BlueSpace will produce a Security Target in order to define the "Target of Evaluation" for the Trusted Service Bus. BlueSpace intend to evaluate their product using Common Criteria 3.1 at assurance level EAL 5, which will specify a semi-formal evaluation including the medium level robustness requirements and a methodical vulnerability analysis.

Klaus Weidner, Principal Consultant for atsec, comments:"The Trusted Client Framework uses a core trusted component which connects mutually isolated, single-level application services to provide what appears to the user to be an integrated multi-level application. This makes it feasible to pursue a high assurance level with minimized security testing and accreditation footprint."

The Trusted Client Framework can be used to create multi-level secure end user applications, leveraging the Trusted Service Bus, with web 2.0 interfaces for Firefox on Solaris 10 TX and the Sun Ray desktop.

Ed Bryant, Technical Director at UCDMO, commented: "I see the BlueSpace application taking advantage of the multi-level capabilities of currently deployed multi-level clients, and this type of critical capability is needed to meet information sharing requirements."

atsec is one of only four companies worldwide with multiple evaluation labs accredited to perform evaluations under more than one national scheme. atsec labs have been accredited by NIAP CCEVS in the U.S., BSI in Germany and CSEC in Sweden to perform evaluations using the Common Criteria standard. Eligibility to perform evaluations under three national schemes and the availability of a large staff of qualified evaluators enable atsec to offer its customers both maximum flexibility and proven expertise and experience in Common Criteria evaluations. For more information about atsec's qualifications and competence, see www.atsec.com. For independent confirmation of atsec's competence and reputation, visit the NIAP, BSI or CSEC websites.

About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany and Sweden.
atsec offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada; and compliance validation to the Payment Card Industry (PCI) Data Security Standard.
atsec also offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services.
atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.

About BlueSpace
BlueSpace is an enterprise software company based in Austin, Texas that provides electronic messaging and mail software as well as multi-level secure (MLS) middleware to enable MLS applications.In addition to messaging products, BlueSpace also provides a Trusted Client Framework that facilitates the development of multi-level applications and interfaces for the defense and intelligence communities. This framework leverages Sun Microsystems's Solaris 10 with Trusted Extensions and the Sun Ray multi-level desktop, allowing MLS web 2.0 'mashups' delivered via the Firefox browser.