Common Criteria Day is a one-day workshop presented on May 5 in conjunction with the CSfC Conference, providing industry professionals an overview of the current status and future outlook of Common Criteria, the cybersecurity framework that underpins CSfC.
Events include: Monday, May 5: Common Criteria Day, CMMC Day; Tuesday, May 6: CSfC Conference; Wednesday, May 7: DoDIN APL Day.
One-Day, Two-Day and Three-Day Discount Registration is available.
Moderator: Ozzie Saeed, Founder & CEO, IntelliGRC
09:00 | CC in the Market Today (R00a) Michael F. Angelo, Distinguished Technologist, OpenText Corporation
This talk will provide a unique perspective on the current state of CC in the U.S. It will also look at CC developments in the EU and Pacific Rim. This information changes the perspective on CC and provides valuable insight into how companies can use CC to integrate with other certifications, including Cloud (SaaS), SOC 2, ISO 27001, FedRAMP, Protect B, and more. In short, it creates a win/win for government and industry.
09:30 | Global Trends in Common Criteria (R00b) Adam Golodner, Managing Partner, AMG Global Cyber Law
Updates on international Mutual Recognition Arrangements (MRAs) and the impact of European cybersecurity regulations on US certifications.
10:00 | Maybe The Criteria Isn’t So Uncommon After All (R00c) Jussipekka Leiwo, Product Cyber Security Strategy Consultant, DNV Cyber
Changes in the international use of Common Criteria, changes in the industry and standards, and meaningful strategies to meet the certification requirements of different markets.
Moderator: Todd Birckner, Director, Process Improvement, Business Transformation Institute (BTI)
11:00 | The Common Criteria Evaluation Process (R01a) Chris Gugel, Lab Director, Booz Allen Hamilton
Step-by-step breakdown of the certification process. Tips for vendors navigating evaluations.
11:30 | Panel Discussion: The Role of Common Criteria in the DIB (R01b) Leader: Felipe Fernandez, CTO, Fortinet Federal; Panelists: Kevin Micciche, CISSP, Senior Manager, Product Trust and Assurance, Hewlett Packard Enterprise; Joshua Anzaroot, Principal, JLS Consulting Group; Jussipekka Leiwo, Product Cyber Security Strategy Consultant, DNV Cyber; Michael F. Angelo, Distinguished Technologist, OpenText Corporation
Expert panelists will discuss the important role of Common Criteria and current challenges faced. Topics include:
Moderator: Robert Ashcroft, Partner, CMMC Solutions
13:30 | Lessons Learned from Recent Certifications (R02a) Justin Fisher, Common Criteria Laboratory Director, Leidos
Case studies from recently completed Common Criteria evaluations. Discussion on challenges, best practices, and unexpected roadblocks.
14:00 | CCUF and the Role of Technical Communities (R02b) Brian Wood, Program Manager for Security Certifications, Google
Technical communities play a crucial role in developing Protection Profiles (PPs), refining evaluation methodologies, addressing emerging threats, and balancing security rigor with commercial feasibility.
14:30 | Mapping Common Criteria to Other Compliance Frameworks (R02c) Anne Gugel, Principal Cybersecurity Engineer, Johns Hopkins University APL
Understanding overlaps between Common Criteria, FedRAMP, CMMC, and CSfC. Strategies for reducing duplication of effort in compliance.
Moderator: Kevin Mann, President, Resilient IT
15:30 | What’s Next for Common Criteria? (R03a) Shaunak Shah, Lab Manager, Common Criteria, Intertek Acumen Security
Predictions on upcoming policy changes and industry adaptation strategies.
16:00 | Panel Discussion: Common Criteria & US National Security Priorities (R03b) Leader: Tom Benkart, Director of Cyber Certifications, ID Technologies, A CACI Company; Panelists: Shaunak Shah, Lab Manager, Common Criteria, Intertek Acumen Security; Ed Morris, Lab Director, Gossamer Security Solutions; Kristy Knowles, Security Research Engineering Technical Leader, Cisco; Kenneth Lasoski, Federal Compliance Director, Versa Networks
This expert panel will explore the intersection of Common Criteria certification and US national security priorities, examining how CC supports initiatives like the NSA’s CSfC program, the DoDIN APL, and supply chain risk management. Topics include: