On November 16th, 2022, EA took part in the International Common Criteria Conference (ICCC), the leading forum for the community of professionals involved in Common Criteria (CC), a certification scheme covering the compliance of ICT products with security requirements.
On behalf of EA, Rosalina Porres, Head of the ICT Area in ENAC, the Spanish national accreditation body, addressed the applicable requirements for conformity assessment bodies operating in the EUCC (both for certification bodies and for testing laboratories) and the actions developed by EA as part of the National Accreditation Bodies' preparation for the implementation of the EUCC.
During the question-and-answer session that followed her presentation, attendees raised questions about EA’s recommendation to modify the applicable accreditation standard for some activities (ISO/IEC 17065 instead of ISO/IEC 17025) or about EA’s peer evaluation process.
For further information, please check the mentioned presentation.
European cybersecurity certification
EUCC is a cybersecurity scheme developed by ENISA, the European Union Agency for Cybersecurity, within the framework of the Cybersecurity Act. It will replace the current European SOGIS (Senior Officers Group for Information Systems) mutual recognition agreement, which recognises product security certificates in the European Union. The Common Criteria provide a standardised set of requirements for the security functionality of IT products and for delivering confidence regarding the measures applied to these IT products during a security evaluation. These IT products may be implemented in hardware, firmware, or software.
Certification of integrated circuits and smartcards is one of the most common applications for CC, which contributes to delivering a higher level of confidence about the security of electronic signature devices (passports, banking cards, or tachographs for lorries, among others).
Despite being the most advanced scheme, EUCC is not the only cybersecurity certification scheme currently being developed at a European level. The EU Certification Scheme on Cloud Services (EUCS) and the EU 5G Scheme are among the others.