LEO's Security Evaluation Facility



Functional Components Description

The Leonardo Security Evaluation Facility (LVS) is operational since 2017 following the incorporation into Leonardo of the pre-existing Consorzio RES LVS (active since 1997), in response to the ICT market growing needs in the framework of security processing and maintenance of electronic data.

Consorzio RES operates in accordance with the international standards ISO/IEC IS-15408 (Common Criteria) and ISO/IEC 27001 (ex BS 7799)

LVS, qualified by the Information Security Certification Body (Organismo di Certificazione della Sicurezza Informatica – OCSI), the meets following requirements:

  • Ability to guarantee impartiality, independence, confidentiality and objectivity that regulate the evaluation process

  • Availability of premises and assets to carry out the security evaluation in the field of Information Technology

  • Ability to monitor the compliance with security and quality measures foreseen for the security evaluation process

  • Availability of skilled personnel on the evaluation criteria and in general on IT security issues. This personnel is qualified by the Security Certification Body to conduct evaluation and assistance activities for the purposes of security evaluation process


Services provided

LVS operates as:

  • Security Evaluation Facility qualified by OCSI

  • Global Consultant in the physical, organizational and ICT security

  • ICT consultant for military security certifications (consistently with the national certification schemes).

The LVS also carries out training and consultancy activities to support the customer in addressing the processes of evaluation and certification In particular, it deals with:

• definition of the security documentation during the preparation fase of the evaluation;

• analysis of the ST/ToE/PP (Protection Profile) to verify if it is evaluable

• training on general security issues in the information technology environment and, in particular, on evaluation techniques

To guarantee impartiality, independence, confidentiality and objectivity in the evaluation process, LVS consultants that provide assistance to a supplier or customer for the evaluation of a ToE or part of it, cannot participate as evaluator in the same process. LVS is able to offer a complete security assessment, not limited to the evaluation process, including security risk assessment, security requirements definition and their formalization in the ST and the definition of the whole documentation necessary to face the evaluation process.


Keywords

Security evaluation, civil, military


Services

  • Security Evaluation Facility qualified by OCSI

  • Global Consultant in the physical, organizational and ICT security

  • ICT consultant for military security certifications (consistently with the national certification schemes).

  • Training and consultancy activities to support the customer in addressing the processes of evaluation and certification

  • Definition of the security documentation during the preparation fase of the evaluation;

  • Analysis of the ST/ToE/PP (Protection Profile) to verify if it is evaluable

  • Training on general security issues in the information technology environment and, in particular, on evaluation techniques


Technical equipment

  • Laboratory

  • ISO27001 perimeter

  • Specialized SW

  • "Design for Certification Methodology"


Use request

-