Security Testing


DIAL provides security testing services using the internationally recognized Common Criteria testing methodology.

At a national level, Information Assurance (IA) has been considered a critical issue for some time. In 1998, Presidential Decision Directive (PDD) 63 clearly articulated the threat to “cyber-based information systems”. In 2003, PDD-63 was updated by Homeland Security Presidential Directive (HSPD)-7, which requires federal agencies and departments to develop methods and technologies to protect the infrastructure. Additional guidance was provided by the National Security Telecommunications and Information System Security Policy (NSTISSP) No. 11, DoD Directive 8500.1, DoD Instruction 8500.2, and Public Law 107-314. The purpose of these documents was to ensure that IA-related products used to process sensitive information are evaluated according to appropriate security criteria. This is a key element in protecting the critical IT infrastructure. The criteria used are known as the Common Criteria (CC).

The National Information Assurance Partnership (NIAP) has developed the Common Criteria Evaluation and Validation Scheme (CCEVS) to facilitate evaluations against the CC. There are currently nine accredited CC Testing Laboratories (CCTL) concurrently conducting approximately 200 evaluations. This represents an increase in the demand for evaluations of more than 500% since 2003, while the number of labs available to conduct the evaluations has grown by only one, from eight to nine. Undoubtedly, given the limited number of labs, there is a need for competent testing labs to perform this critical service.

DIAL’s CC services include:
Selection of a Protection Profile
Evaluation/Development of a Security Target
Performing CC evaluations for EAL 1-4 (upon CCEVS approval)
Development of CC documentation