Lab certified to test security software

The government has certified CygnaCom Solutions Inc.'s Security Evaluation

Laboratory to test information security software based on international

criteria established to assure users that security products perform the

functions that vendors claim.

The laboratory accreditation, announced Monday, comes from the National

Infrastructure Assurance Partnership (NAIP), a collaboration of the National

Institute of Standards and Technology and the National Security Agency.

The partnership oversees the certification of laboratories and testing of

products under the Common Criteria evaluation and validation program, an

international standard that experts are encouraging civilian agencies to

consider when purchasing security products.

National security agencies already are required to give preference to

products that have been accredited under the Common Criteria scheme. NIST

in March issued a set of draft guidelines suggesting that civilian agencies

give weight to products that have been accredited under the scheme. Final

guidelines are due out later this year.

The CygnaCom laboratory is accredited under the NIST National Voluntary

Laboratory Accreditation Program to perform testing for all four levels

of evaluation assurance available under the scheme.

A full list of Common Criteria testing laboratories is due out this

week on the NIAP Common Criteria site.