Mr. McEvilley has over 20 years combined experience in systems and requirements engineering, software design and development, system integration and testing, and formal security evaluation. He has been involved with the Common Criteria for Information Technology Security Evaluation/ISO-15408 for the last 7 years. His primary focus has been application of the CC to define and validate security requirements applicable to all phases of the life-cycle for networked and distributed systems.
Micahel provided support to the National Information Assurance Partnership (NIAP) for the development of the Common Criteria Evaluation and Validation Scheme (CCEVS). He also supported the independent efforts of the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in the application of the CC within their respective areas of responsibility.
Michael has worked with a variety of national and international government, military and commercial organizations providing training and consulting for systems security specification development efforts. He currently supports a NIST Critical Infrastructure Protection (CIP) initiative to establish security criteria for the US Process Control Industries and supports the development of a Common Criteria Users Guide. He is supporting the Japan Electronics and Information Technology Industries Association (JEITA) initiative to establish a system evaluation methodology based upon a blending of the concepts contained in the Common Criteria/ISO 15408 and the guidance provided by ISO 17799.
Michael McEvilley
Email: michael.mcevilley@dac.us