AOH :: ISNQ5357.HTM

DSD approval clears NZ path for Blackberry, Windows Mobile




DSD approval clears NZ path for Blackberry, Windows Mobile
DSD approval clears NZ path for Blackberry, Windows Mobile



http://computerworld.co.nz/news.nsf/scrt/3BFB22DAB18A7134CC25740B0019DB6C 

By Darren Pauli Sydney 
Computerworld
14 March, 2008

The Blackberry and Windows Mobile platforms have both received 
accreditation from the Australian Defence Signals Directorate, clearing 
the way for broader adoption of the platforms in New Zealand government.

The latest Blackberry and Windows Mobile Platforms received 
accreditation after a record year-long assessment to meet the Defence 
Signals Directorate's (DSD's) Common Criteria certification.

Speaking at the 2008 ID and Access Management Summit in Sydney, DSD 
assistant secretary for information security Robert Campbell said the 
record speed was achieved because the vendors worked closely with the 
DSD and put their products through extensive security testing.

"Security flaws slow down evaluation because the product solutions have 
to be sent back to be fixed," Campbell said.

"[Vendors] should work as closely as possible with the DSD and the 
laboratories assessing the product to get accreditation as soon as 
possible."

Australia's DSD performs most of the product accreditation for the use 
of communications technologies in New Zealand as well as Australia. The 
directorate has also released a guide [1] for users on the "hardened" 
deployment of the Blackberry.

Campbell said Microsoft and Blackberry were quick to rectify security 
flaws and sought technical support from the DSD.

He urged vendors to submit products only after rigorous testing and 
recommended submitting through the lowest appropriate accreditation 
level to speed-up review.

Perth-based software company Secure System achieved top secret 
accreditation for its Silicon Disk Encryption product and won a contract 
with the Department of Defence, after it redesigned the product under 
close guidance from the DSD.

Consumer guidelines have been added to the Common Criteria to simplify 
the technical target lists that explain why products have been 
accredited.

The guidelines show consumers which element of solutions have been 
accredited, since uncertified solutions can be listed under the 
criteria's accredited product lists by passing only one component 
through the evaluation process.

"A VPN and firewall can be passed and listed on the product lists by 
evaluating the firewall alone," Campbell said.

Wireless technology and converged communications have been added to the 
ACSI 33 assessment lists; however, accreditation of biometric technology 
has been stymied by uncertainty and flaws.

Campbell said the technology will be more suited to the common criteria 
list once it is better understood by the DSD.

Most of the few biometric tools assessed by separate internal 
methodologies were passed only after arduous security updates or entire 
rebuilds. A single camera iris scanner was rejected after the DSD 
discovered users could breach identities by tilting their heads.

Biometric products are assessed for database security, integrity of hash 
lists, and biometric templates.

Campbell said the DSD security manual, ACSI 33, follows principle rather 
than rule, and urged industry to submit recommendations for its 
assessment criteria.

[1] http://www.dsd.gov.au/library/index.html#05 


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 

Site design & layout copyright © 1986-2014 CodeGods