This content has been marked as final. Show 3 replies
can you expand on why you were disappointed? CCTM is an odd certification, it doesn't really add anything to the more extensive FIPS/CC certs, and it strangely expires, even though the product and claims don't change.
If a set of claims were validated to be true against a particular product - why would they be untrue some time later?
I said dissapointed because we are creating a managed encryption solution for our schools to adhere to BECTA (UK Government's lead agency for information and communications technology (ICT) in education) best practice guidance. One of the BECTA recommendations is CCTM CESG; when we saw the CCTM EAL4 Mode Operation Certification of the product it was one of the reasons we chose MEE. I realise now I am probably confused between two different certifications anyway :-o
I guess cctm expires because the software could change from release to release so they feel it should be regularly certified or maybe they make money form the scheme. Either way I think McAfee should maintain the cctm certificate, it seems like you'd have to as a minumum to sell to uk govt depts now...