Noblis is active in evaluation of the security properties of hardware and software systems, spanning the range from single point products through operating system level evaluations. Some of these evaluations are performed according to the Common Criteria methodology for product evaluations and others are suitability evaluations that are performed to ensure that a product is capable of performing a task without compromising security.

Noblis has validators that work for the NSA's Common Criteria Evaluation and Validation Scheme (CCEVS), performing oversight of commercial evaluation facilities that are charged with evaluating the security capabilities of commercial off-the-shelf products. Noblis staff have built evaluation testing artifacts and written training materials that have been used to teach validation bodies in several countries how to perform Common Criteria evaluations. Noblis developed the high assurance evaluation methodology used by the Japanese evaluation scheme to evaluate products at EAL 5 and above. Noblis has experience with both informal and formal software security analysis.

For CCEVS, Noblis staff participates in a board that reviews issues and questions raised during product evaluations, providing precedent-setting decisions on how those issues should be resolved.

For a government client, Noblis performed an assessment of the impact on network security if new technology investments to replace obsolete equipment were delayed.

As an example of Noblis activities in suitability evaluation, a common challenge in security engineering is to find a way for an agency to be able to publish and distribute sensitive documents while protecting them. Noblis performed a task for an agency which needed to insure that the contents of sensitive documents were not leaked to people who were not authorized to view them. Several different organizations have similar problems—those who handle classified information and agencies that handle proprietary documents are included. For example, agencies that perform oversight of commercial companies need to collect information from those companies and must have a way to protect that information from disclosure.

Having researched ways to provide document control, the agency needed assistance in selecting a product to implement. The product information that was available was inadequate to support selecting one product over another.

Noblis worked with the agency to understand the problems that they were trying to solve. The agency considered the use of self-protecting document technology - documents that implement measures to prevent disclosure—but there were a number of different products that they needed to consider. Each of these claimed to be a solution for the protection problems, making it difficult to determine what product to use.

Noblis was asked to perform an in-depth study of each of the available self-protecting document products and to produce a whitepaper that described the features, benefits, advantages, and drawbacks of each of these products. Noblis worked with each of the vendors to obtain technical details of the products which were used in the creation of the whitepaper. This paper presented the details of each of the competing products in a simplified form, allowing the agency to more easily contrast the proposed solutions. This allowed the agency to make an informed selection of a product to use.

As a result of this work, the agency was able to select and procure a product from the best available vendor. Noblis worked with the acquisition team to help compare and contrast the available products. Noblis is uniquely positioned to provide such support given the fact that Noblis does not form allegiances with vendors. Noblis is able to provide unbiased, impartial answers to product questions. This model of technical evaluation has been successfully used by Noblis in support of other agencies and other products.