Strategic High Assurance Support for Honeywell International
The Challenge: Addressing COTS IT Assurance in an Environment Already Inundated with High Assurance
Honeywell was in the middle of the development cycle for an aircraft avionics system and on-board networking system. This is high assurance at its highest. These components cannot fail. Compliance to strict assurance standards is baked into the development process.
There are specific safety assessment processes. There are network security processes defined by the FAA. There are safety guidelines and certification considerations that are broader and deeper than the Common Criteria. On top of these, there the Risk Management procedures discussed in NIST 800-30 and implemented with the self-assessment guide defined in NIST 800-26. It's the perfect storm of high assurance for point products and the system.
The FAA required evidence to address the functional and assurance claims of the system in Common Criteria language. The Common Criteria is flexible enough to handle this, but making it happen in this high assurance environment is not trivial to say the least.
The Apex Advantage: The Ability to Digest Large Quantities of Complex Information and Present an Actionable Work Plan
Apex Assurance Group was hired to help Honeywell understand the Common Criteria and its role in assurance. After leading an intense training session to audience members already well-versed in the world of high assurance, we were tasked with an action plan to map aviation-specific assurance programs to the Common Criteria methodology and deliver documentation to address the gaps, overlaps, and mapping of functional and assurance requirements
Apex brought unique experience to the project:
- Working knowledge of high assurance C&A processes
- Familiarity with mobile networking technology
- Past performance in NIST 800-30-based initiatives
- Ability to digest and translate lengthy, complex certification standards and processes
- Solid project management approaches to set an action plan for success
The Result: Clear Documentation to Satisfy Our Customer and Their Customers' Needs
There is no formal Common Criteria certificate for this effort, as the high assurance practices of the other industry-specific standards superseded the need for a tangible Common Criteria certificate. We stepped out of our comfort zone of traditional COTS security appliances and software products to play a very small part of the design and certification processes of a new avionics system and mobile networking system.
What can Apex Assurance do to take your product to new heights add value to the assurance of your products?