Countermeasure Characterizations Building Blocks for Designing Secure Information Systems

The Assurance Working Group (AWG) within the IA Program studied a number of issues relating to the design and analysis of secure systems. A principal element of this work was to understand how to select and integrate countermeasures to form secure systems. It was found that one of the biggest failures of the existing design process was that there was a lack of information about what countermeasures did, how they did it, and how they depended on their operational environment. The Common Criteria documentation provided this information, but the documentation was formal and voluminous. A number of factors led the AWG to adapt an abbreviated format and data description referred to as the Countermeasure Characterization (CMC) containing much of the same information required by the Common Criteria. The countermeasure documentation resulting from the application of CMC data description and format not only supports the system designer, but the thought process necessary to produce it gives the countermeasure developer a better understanding of the environment in which the product must operate.