CAPEC Compatibility Program
CAPEC Compatibility Program
Introduction
The CAPEC Compatibility Program is a formal review and evaluation process for organizations wishing to declare their information security products and services as CAPEC-Compatible and have them formally evaluated.
Compatible products and services, as well as those working towards compatibility, will be posted on the "CAPEC-Compatible Products and Services" page on the CAPEC Web site and included on handouts at information security and related tradeshows and events at which MITRE exhibits CAPEC (see the CAPEC Calendar).
The formal CAPEC Compatibility Program includes three phases: Declaration and Evaluation.
Phase 1 – Declaration Phase
The Declaration Phase requires the completion of a short informational "CAPEC Compatibility Declaration Form" used to register an organization's declaration of intent with respect to CAPEC compatibility. In this phase you are asked to review the compatibility requirements and then make a statement regarding whether your organization believes that its product or service currently fulfills the compatibility requirements, or if your organization is working towards fulfilling the requirements. This phase of the CAPEC compatibility process does not result in an official evaluation or assessment by MITRE; rather, MITRE only reviews the declaration. As long as the products or services are commercially or publicly available, the declaration and an endorsement quote from you (if desired) is posted on the CAPEC Web site.
Phase 2 – Evaluation Phase
The Evaluation Phase requires completion of Phase 1 with "yes" as the answer for support of CAPEC output, CAPEC searchable, and CAPEC documentation. You must also complete an extended "CAPEC Compatibility Requirements Evaluation Form" that is a more extensive CAPEC-compatible formal review and includes several evaluation activities. You will also receive the "Compatible Product/Service Organization Welcome Kit" with items for your Web site.
This formal evaluation process includes a "branding program" and logo to indicate successful completion of the compatibility portion of the compatibility evaluation. A major component of this phase requires specific details about how your organization has satisfied each of the mandatory requirements in the Requirements and Recommendations for CAPEC Compatibility document. The Phase 2 "CAPEC Compatibility Requirements Evaluation Form" also requires the signature of an authorized representative of your organization. Additionally, you must provide the CAPEC Team at MITRE with copies of the CAPEC-related user documentation for your product or service and information from your capability that shows how it maps CAPEC identifiers to your capabilities analysis results or outcomes.
Your organization's statements and documents will be evaluated and the CAPEC Team at MITRE will arrange to verify the accuracy of the mapping between CAPEC identifiers and the weakness entries in your organization's underlying data repository. Upon completion of the evaluation of your organization's detailed statement describing how your product or service fulfills the requirements for CAPEC compatibility, that statement will be posted on the CAPEC Web site for public review. Upon the successful completion of the mapping accuracy review we will post MITRE's concurrence with your organization's statement by awarding you official CAPEC Compatibility status. MITRE will then provide you with the special CAPEC-Compatible logo and formally give you permission to use the CAPEC-compatible logo and term "CAPEC-Compatible" on your Web site, literature, product packaging, in communications with the press, etc.
Contact and Submission Instructions
To begin the registration process, review the official CAPEC Compatibility Program detailed above then send an email to capec@mitre.org requesting the Declaration Form along with your company name and contact information, the type of product, and the name of the product or service.
You will receive specific instructions for completing and submitting additional information as the process continues.
More information is available — Please select a different filter.
|