AQL

INFORMATION TECHNOLOGY SECURITY EVALUATION FACILITY (ITSEF)

 


OUR APPROACH TO SECURITY

Since its foundation, Alliance Qualité Logiciel has been founded on the conviction that applying a quality assurance process to software development naturally improves confidence in the implemented product.

AQL's involvement in the field of security is motivated by this conviction. A technical security policy has to guide the development and the evaluation of an IT product or system. This policy, planned from the statement of needs onward, has to be carried out and its thorough application verified at each stage of the development process, and even on the operational sites. In this way, confidence is gained in the product or system through a suitable approach fitting the requirements and constraints of each project. AQL's Information Technology Security Evaluation Facility (ITSEF) is fully involved in this approach.

OUR APPROACH TO EVALUATION

For AQL's ITSEF, evaluation is a partnership intended to improve the security of Information Technology products or systems and to develop security assurance, attested by the award of a certificate.

This partnership, the key to a successful evaluation, starts with the preparation for the evaluation. Already at this stage, we specify together all the evaluation parameters in order to define the best assurance/cost ratio and the actions to be performed to reach this objective.

Regular exchange of information between the developers' and the evaluators' teams is essential throughout the project. First, because it makes it possible to anticipate some tasks and so keep delays as short as possible. Second, because detecting vulnerabilities in the early stages of any development leads to lower-cost solutions.

DEDICATED TO YOUR PROJECTS

Whatever your needs are:

  • training,
  • consulting,
  • expertise,
  • feasibility study,
  • evaluation at levels E1 to E6,

against the reference criteria of your choice:

  • ITSEC (Information Technology Security Evaluation Criteria),
  • Common Criteria,

in your technical field:

  • smart card,
  • telecommunications,
  • database systems,
  • access control,
  • specific application,
  • etc.

With AQL's Evaluation Facility, we commit ourselves, at your side, to the success of your projects.

THE FULFILMENT OF YOUR REQUIREMENTS

AQL's Evaluation Facility members commit themselves to carrying out an evaluation that fulfils your requirements. In particular, they commit themselves to preserving the confidentiality of the information passed on to them.

The recognition of AQL's Evaluation Facility by the SCSSI (Service Central de la Sécurité des Systèmes d'Information) is the guarantee of its ability to assure the confidentiality of the data relevant to your project. AQL's Facility evaluators are particularly familiar with, and vigilant about, this matter. They adapt their methods to the confidentiality level you require.

The Evaluation Facility is based in AQL's head office, inside a security area originally designed and built for this purpose. Compartmentalisation is possible down to a single room, fitted out with a fully independent IT system.

AQL's Evaluation Facility benefits from AQL's structure while remaining an independent entity within the overall company. AQL is an independent company whose capital is funded by individuals.

AQL is officially authorized to work on defence-related classified projects. It applies a security policy to its organization and procedures, which are periodically audited by the relevant authorities.

AN ADVANCED APPROACH TO SERVE YOU

The security field is growing continuously. To provide you with the best services, AQL stays at the leading edge of research in this field. AQL works specifically on the following topics: formal methods, encryption software, viruses, electronic payment, system security, telecommunications, evaluation criteria and methods. Some of these activities are carried out in collaboration with clients.

The close relationships between AQL and research centres, standardization organizations, engineering schools and universities are opportunities to exchange knowledge and so regularly improve the results of internal research.

In addition, AQL's Facility has performed many methodological studies in order to improve its evaluation process. Since 1992, AQL's Facility has carried out many evaluations. During each evaluation, the evaluators contribute their experience to the improvement of the overall evaluation process.

The Evaluation Facility also benefits from the quality framework of AQL, an ISO 9001 certified company. The Evaluation Quality Manual is the result of collective work between quality experts and the technical staff of the Evaluation Facility. Merging this Evaluation Quality Manual into the company-wide Total Quality Manual guarantees that the quality framework is applied on a day-to-day basis and completely mastered.

AN ADEQUATE ORGANIZATION

To carry out an evaluation effectively, several skills have to be combined:

As soon as a project entrusted to AQL's ITSEF is launched, we build a team combining ITSEC experts and technical experts in the field of your target of evaluation.

Our organization enables a quick response when a deliverable arrives. If the evaluation is concurrent (in parallel with the development), our working method, which consists in preparing the final tasks throughout the evaluation, minimizes the time between product delivery and the end of the evaluation.

IN ORDER TO MEET YOUR NEEDS

We can offer our services to your teams either consisting in :

 

SOME OF OUR ACHIEVEMENTS


Firewall

ITSEC evaluation at level E4 of a firewall built out of two VME filtering devices and a monitoring station.

Communications systems

ITSEC evaluation of a trusted digital phone product RANCH (Régie d'Abonné Numérique Chiffrante) at level E3. This product includes two types of ciphering terminals and servers for monitoring, interlocutor authentication and key management purposes.

PC software

ITSEC evaluation of a commercial product at level E2.

Smart card reader

ITSEC evaluation of an intelligent smart card reader (software and hardware).

Military software

Contribution to an experimental ITSEC evaluation of trusted military software, at level E4.

Smart card

Smart card embedded software evaluation.

Operating system

UNIX HARRIS system evaluation: trusted UNIX system including hardware, base software (AT&T System V - Berkeley interface) and network software. The main characteristics of this evaluation are:
  • consecutive evaluation,
  • targeted level E3,
  • functionality class F-B1.

This system has been successfully evaluated in the United States against the American TCSEC criteria at level B1. Its main functionalities are thus:

  • mandatory and discretionary access control,
  • user identification and authentication,
  • audit of operations on the system,
  • object clearing before reuse.

Database

Trusted ORACLE V7 evaluation:
  • comparison of the functionalities and performances of ORACLE V7 and Trusted ORACLE V7 (in combination with SUN-CMW operating system).
  • analysis of Trusted ORACLE V7 evaluation deliverables. An independent analysis of these deliverables has been performed. The results have been compared with the evaluation reports resulting from the English evaluation at level E3.

Software Engineering Environment

Security analysis of the software engineering environment Entreprise II with a view to its evaluation:
  • comparison of the existing toolkit functionality with the requirements of the functionality class F-SEE-2; identification of security functions and mechanisms.
  • comparison of the documentation currently associated with the toolkit against ITSEC requirements for evaluation level E2.
  • effectiveness pre-analysis aimed at identifying vulnerabilities.

Communications systems

Preparation for the evaluation of a trusted phone product:
  • security target review,
  • analysis of the developers' quality framework,
  • presentation of an approach to effectiveness analyses.

Preparation for the evaluation of an extension to a message handling system towards an office automation environment.


Protection Profile

Evaluation against Common Criteria of a Protection Profile for a firewall.

Training

One- or two-day training on evaluation criteria: Thomson, Gemplus, Schlumberger, Supélec, Centre d'Instruction à la Sécurité des Industriels de l'Armement (CISIA).

 

For confidentiality reasons, some of our achievements are not detailed.

 


FOR ANY FURTHER INFORMATION

Please contact:
About commercial aspects: Roland PETIT
About technical aspects: Christian DAMOUR
Electronic mail : c


Copyright © 1996, 1997 - Alliance Qualité Logiciel - Last updated: 10 September 1997