In the world of security and Trusted Computing, many different disciplines are involved, from cybersecurity to safety certification. When considering certification or certified products, it can be difficult to understand what certifications are applicable for your end use. What aspects are covered? What documentation and/or testing is involved? Who are the accrediting bodies, and which nations and/or organizations recognize them?
This white paper provides an overview of some of the certification authorities involved in Trusted Computing, explores which disciplines they oversee, and gives guidance on when to get these certification authorities involved.
Bringing a Secure Product to Market
The process of bringing a secure product to market often begins with a Security Target document, which details the product’s security features, or its Target of Evaluation (TOE). This document specifies how critical security areas—such as hard drive encryption, key management, and secure boot—are protected. The extent of these features is dictated by the specific program’s requirements, which government agencies will outline in high-level specifications. For example, a secure boot system can range from a simple checksum validation to a complex cryptographic signature verification and decryption of all boot artifacts.
Beyond meeting domestic requirements, companies can leverage international agreements to gain broader market access. For example, the National Information Assurance Partnership (NIAP) recognizes Common Criteria (CC) schemes and Protection Profiles (PP). This allows a product to be certified once and be recognized in multiple countries, which is a major advantage for global manufacturers who sell to different nations.
Log in to download the white paper.
Steve Edwards
Director and Technical Fellow
Steve has over 25 years of experience in the embedded system industry. He leads Curtiss-Wright Defense Solutions’ efforts in addressing physical and cyber security on their COTS products and represents the company in defense related security conferences. Steve has worked collaboratively in several standard bodies, including a time chairing the VITA 65 OpenVPX, and as lead for the Sensor Open Systems Architecture (SOSA) Security Subcommittee. Steve lead the design of Curtiss-Wright’s first rugged multiprocessor and FPGA products and was involved in the architecture, management, and evangelization of the industry’s first VPX products. He has a Bachelor of Science in Electrical Engineering from Rutgers University.
Dominic Perez
Chief Technical Officer
Dominic Perez joined Curtiss-Wright in 2008 as part of the company’s Quality Department. He took an active role in product development and was part of the team that created the first small form factor (SFF) PacStar 1200-Series modules which evolved into the industry-leading PacStar 400-Series product line. In 2013, he led the Quality Systems and Networking Engineering departments, which among other responsibilities created the PacStar Secure Wireless Command Post (SWCP). He was promoted to Vice President of Systems Engineering in 2020 and tasked to lead the development of the company’s next generation of integrated solutions. In 2021, he was promoted to Chief Technical Officer and appointed a Technical Fellow at Curtiss-Wright.
Steven Petric
Senior Product Manager
The Product Manager for our data storage solutions, Steven, is a data-driven professional with over 20 years of experience bringing new offerings to market and improving existing offerings. He has a Masters in Business along with Pragmatic Marketing Certification and is a Project Management Professional (PMP).
