C & A - Methodology and Metrics for Component Certification
This research has several goals: to create a Common Criteria protection profile for a target IT security component, the Naval Research Laboratory Pump, to compare the protection profile with the security target for certification, and to identify an approach for certifying and accrediting this component. It is hoped that the approach can be used to streamline the procedures used across traditional DoD organizational boundaries.

This study will explore the DoD certification and accreditation process to identify applicable metrics for analyzing the NRL Pump security component for certification. It will also evaluate the component's security level and its ability to integrate securely with other systems. The study is intended to identify the security requirements from the Common Criteria against which the component is to be evaluated in the process of certification and accreditation. It will also provide a "Road map" of documents required for certification of IT components that are to be used across traditional DoD organizational and functional boundaries.

The NRL Pump is designed to enable data transfers from low to high security levels without the generation of back-channel data that might allow compromise of classified information.