Various types of certification are available to the computer professional for evaluating IT systems, and some are particularly valuable to personnel involved in Web commerce activities. This section presents and discusses the IT system-related certifications that are useful in the Web commerce arena.
The Common Criteria (CC) certification process is designed to measure the security confidence level of the product under evaluation. The Common Criteria and its confidence levels were described earlier in this chapter.
In the U.S., laboratories must be certified through a national certification process before they are permitted to conduct product security assessments. These laboratories are required to have annual security and quality audits to ensure they are qualified to conduct the product evaluations. Typical CC-certified products include intelligent credit cards, various hardware devices, RFID modules, and firewalls.
An organization whose product has a CC certificate has an advantage in selling that product over competitors whose products do not. The certificate also assures the customer that the device performs as specified and carries a certification that is recognized worldwide.
All MasterCard-branded cards must go through the compliance and security testing (CAST) process and have a CAST certificate. The CAST process is designed to confirm that a smart card issued by a vendor meets MasterCard's security guidelines and is approved ...