4-6 November | Sheraton Grand Doha, Qatar

ICCC23 Agenda

Tuesday 31 October

08:00 - 09:00 Registration

Ballroom Foyer

09:00 - 10:15 Plenary Keynote Session

Grand Ballroom ABC

09:00 Introduction & Welcome (P10a) Wouter Slegers, Program Director, ICCC and CEO, TrustCB, Netherlands

09:10 Government Keynote (P10b) David Luber, Deputy Director, Cybersecurity Directorate, National Security Agency (NSA), United States

09:40 Industry Keynote: The Only Constant is Change (P10c) Mary Ann Davidson, CSO, Oracle, United States

10:15 - 11:00 Networking Break in Exhibits

Ballroom Foyer
(Exhibits Open)

11:00 - 12:45 Plenary Conference Session

Grand Ballroom ABC

11:00 CCDB/CCMC Update (P11ab) Jon Rolf, Director, National Information Assurance Partnership (NIAP), National Security Agency (NSA), United States; Tiziano Inzerilli, Agenzia per la Cybersicurezza Nazionale Organismo di Certificazione della Sicurezza Informatica, Italy


11:30 CCUF Update (P11c) Petra Manche, Common Criteria Manager, Cisco and CCUF Management Group Chair, United Kingdom


11:45 Plenary Panel Discussion: EUCC (P11d) Leader: Jose Ruiz Gualda, CTO, jtsec Beyond IT Security, Spain; Philippe Blot, Head of Sector Certification, ENISA, Greece; Elżbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Monique Bakker, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands; Franck Leroy, Chief Conformity Officer, IN Groupe, France [60MIN]

12:45 - 14:15 Lunch in Exhibit Area

Ballroom Foyer

14:15 - 15:15 Track Sessions

Ballroom A
Advances in the Use of CC (A12)
Biometrics
Moderator: Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain

14:15 Spanish Initiatives on the Security Evaluation and Certification of Biometric Products (A12a) Belen Fernandez, Certifier, CCN, Spain


14:45 Biometrics iTC Status update (A12b) Brian Wood, Program Manager, Google, United States

Ballroom B
Updates from Schemes and iTCs (U12)
Scheme Updates
Moderator: Petra Manche, Common Criteria Manager, Cisco and CCUF Management Group Chair, United Kingdom

14:15 U.S. Scheme Update (U12a) Jon Rolf, Director, National Information Assurance Partnership (NIAP), National Security Agency (NSA), United States


14:45 Spain Scheme Update (U12b) Luis Fernandez, Certifier, CCN, Spain

Ballroom C
Meeting Customer Requirements (M12)
Vulnerability Handling
Moderator: Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands

14:15 Panel Discussion: Vulnerability Handling and Disclosure, Assurance Continuity Processes (M12a) Leader: Matthias Intemann, Head of Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Dan O’Loughlin, VP Engineering, Qualcomm Technologies, United States; Javier Tallón, Co-Founder & Chief Operations Officer & Technical Director, jtsec Beyond IT Security, Spain; Henry Tan, Deputy Director/Cybersecurity Certification Centre, Cyber Security Agency (CSA), Singapore [60MIN]

15:15 - 15:45 Networking Break in Exhibits

Ballroom Foyer

15:45 - 17:15 Track Sessions

Ballroom A
Advances in the Use of CC (A13)
Hardware Attacks
Moderator: Markus Bartsch, Business Development IT Security, TÜV Informationstechnik GmbH, Germany

15:45 Rock Around the Hardware Attack Automation (A13a) Guillaume Vinet, Security Analyst, eShard, France


16:15 Common Criteria Vulnerability Quotation System versus High-Order Side-Channel Attacks (A13b) Sylvain Guilley, CTO, Secure-IC, France


16:45 CC 2022 in Action: Securing Cryptographic Protocols and Their Implementations (A13c) Ritu Ranjan Shrivastwa, Certification and Standardization Program Manager, Secure-IC, France

Ballroom B
Updates from Schemes and iTCs (U13)
Scheme Updates
Moderator: Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain

15:45 NL Scheme Update Including EUCC (U13a) Glenn Wever, Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands


16:15 Germany Scheme Update (U13b) Fritz Bollmann, Head of Software Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany


16:45 Assurance Continuity—Filling the Gap Between Maintenance and Re-certification (U13c) Christian Krause, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

Ballroom C
Meeting Customer Requirements (M13)
Certificates
Moderator: Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands

15:45 2023 CC Statistics Report “Has Common Criteria Reached Its Peak?” (M13a) Jose Manuel Pulido Carrillo, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain


16:15 Panel Discussion: Challenges to Common Criteria Mutual Recognition (M13b) Leader: Robert Harland, Common Criteria Operations Manager, Canadian Centre for Cyber Security (CCCS), Canada; Panelists: Jon Rolf, Director, National Information Assurance Partnership (NIAP), National Security Agency (NSA), United States; Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands; Matthias Intemann, Head of Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Robert Lee, Senior Assistant Director, Cyber Security Agency (CSA), Singapore [60MIN]

17:15 - 19:15 Welcome Reception in Exhibits

Ballroom Foyer

Starting at 17:45

2023 Common Criteria Certificate Presentation Ceremony (P14) London Room. Host: Robert Clemons, Independent Consultant, United States

Participants will have the opportunity to be photographed receiving their CC certificates from the national schemes.

19:15 - 21:15 Dine-Around DC

Enjoy an informal group dinner at Cube Libre Restaurant with your ICCC colleagues on Tuesday, October 31. This is an optional add-on to the 3-day conference registration. For an additional fee you can reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group at 19:15 at the conference registration desk and depart from there.

Wednesday 1 November

08:00 - 09:00 Coffee in The Exhibits

Ballroom Foyer

09:00 - 10:30 Track Sessions

Ballroom A
Advances in the Use of CC (A20)
Cloud
Moderator: Thomas Billeau, Director – Head of SE Security Certification, NXP Semiconductors, Germany

09:00 Update on the Common Criteria in the Cloud Technical Working Group (A20a) Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States


09:30 Experiences Evaluating Cloud Services and Products (A20b) Javier Tallón, Technical Director, jtsec Beyond IT Security, Spain


10:00 Silver Linings: Cloud Seeding for Common Criteria (A20c) Brandon Harvey, Principal Security Analyst, Oracle, United States

Ballroom B
Updates from Schemes and iTCs (U20)
EUCC Updates
Moderator: Jose Ruiz Gualda, CTO, jtsec Beyond IT Security, Spain 

09:00 Update on EUCC (U20a) Philippe Blot, Head of Sector Certification, ENISA, Greece


09:30 Possible Evolution of the EUCC (U20b) Philippe Blot, Head of Sector Certification, ENISA, Greece


10:00 Implementation of and Transition to EUCC (U20c) Wouter Slegers, Program Director, ICCC and CEO, TrustCB, Netherlands

Ballroom C
Cybersecurity Certification Schemes Landscape (L20)
CC:2022
Moderator: Angela Soum, National Information Assurance Partnership (NIAP), United States

09:00 Multi Assurance/Assurance Profiles Evaluation Paradigm: Modularity and Composition Models in CC: 2022 (L20a) Jose Emilio Rico, Business Development and Strategy, DEKRA Testing and Certification S.A.U., Spain


09:30 ISO/IEC 15408:2022 Moving Forward (L20b) Leader: Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain; Kwangwoo Lee, Security Architect, HP, South Korea; Susanne Pingel, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Carolina Lavatelli, CTO & Founder, Internet of Trust, France [60MIN]

10:30 - 11:00 Networking Break in Exhibits

Ballroom Foyer

11:00 - 12:30 Track Sessions

Ballroom A
Advances in the Use of CC (A21)
Cloud
Moderator: Erin Connor, Consultant, Daideo Consulting, Canada

11:00 Mobility in Cloudy Weather: Evaluating Cloud Products using NIAP’s Mobile Device Management PP (A21a) Jade Stewart, Portfolio Manager, National Information Assurance Partnership (NIAP), United States


11:30 Panel Discussion: Common Criteria in the Cloud (A21b) Leader: Erin Connor, Consultant, Daideo Consulting, Canada; Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States; Michael Angelo, Chief Security Architect, OpenText, United States; Anne Gugel, Principal Cybersecurity Engineer, Johns Hopkins University APL, United States; Justin Fisher, Senior Security Assurance Engineer, Leidos, United States

Ballroom B
Updates from Schemes and iTCs (U21)
Scheme Updates
Moderator: Hitoshi Matsumoto, JISEC IPA, Japan

11:00 Japan Scheme Update (U21a) Toru Hashimoto, Assistant Manager, IPA, Japan


11:30 Australian Common Criteria Scheme Updates (U21b) Hin Chan, Manager – Australian Certification Authority (ACA), Australian Cyber Security Centre, Australia


12:00 Evolution of Malaysia Common Criteria (U21c) Amiroul Farhan Roslaini, Analyst, CyberSecurity Malaysia, Malaysia

Ballroom C
Cybersecurity Certification Schemes Landscape (L21)
CC:2022
Moderator: Alan Sukert, HIT Chair, IEEE-ISTO Printer Working Group, United States 

11:00 ISO/IEC 15408:2022 Moving Forward, Continued (L21a) Leader: Elżbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Kwangwoo Lee, Security Architect, HP, South Korea; Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain; Susanne Pingel, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany


11:30 CC:2022 – How it Compares and Differs from CC3.1R5 (L21b) Trang Huynh, CC Lab Manager, atsec information security corporation, United States


12:00 Practical Transition from CCv3.1 to CC: 2022 (L21c) Wouter Slegers, CEO, TrustCB, Netherlands

12:30 - 13:30 Lunch in Exhibit Area

Ballroom Foyer

13:30 - 15:00 Track Sessions

Ballroom A
Advances in the Use of CC (A22)
Composition and PPs
Moderator: Petra Manche, Common Criteria Manager, Cisco and CCUF Management Group Chair, United Kingdom

13:30 Challenges in the Adoption of CC:2022 for Protection Profiles, PP Modules and Functional Packages (A22a) Alejandro Masino, Senior Security Consultant, atsec information security corporation, United States


14:00 PP-Modules and the Growth of Requirements—Will Decomposition Be a Boon or a Bane? (A22b) Brian Wood, Program Manager, Google, United States


14:30 Differences Between NDcPP v.2.2e and v.3.0 (A22c) Shaunak Shah, CCTL Manager, Intertek Acumen Security, United States

Ballroom B
CC in New Domains (D22)
AI
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

13:30 Innovating CC: The Use of ChatGPT in Drafting Protection Profiles and Security Targets (D22a) Roland Atoui, Managing Director, Red Alert Labs, France


14:00 Challenge of CC in New Technology: Experience in Evaluating AI Using Common Criteria (D22b) Lex Schoonen, SGS Brightsight, Netherlands; Thomas Jorgensen, SGS Brightsight, Netherlands


14:30 Evaluation of Evaluation Facilities (D22c) Jürgen Blum, Policy Officer, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

Ballroom C
Meeting Customer Requirements (M22)
Cryptographic Standards
Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States

13:30 Customer-Provided Entropy Provision for Virtual Machines in Hypervisor Environments (M22a) Rumman Mahmud, Staff 2 Security Compliance Engineer, VMware, Inc., United States


14:00 Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (M22b) Leader: Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom; Tim Hall, Security Testing, Validation, and Measurement Manager, National Institute of Standards and Technology (NIST), United States; Carolyn French, Manager of Product Assurance and Standards, Canadian Centre for Cyber Security (CCCS), Canada; Markku-Juhani Saarinen, Staff Cryptography Architect, PQShield, United Kingdom; Yi Mao, Managing Director, atsec information security corporation, United States [60MIN]

15:00 - 15:30 Networking Break in Exhibits

Ballroom Foyer
(Exhibits Close at 15:30)

15:30 - 17:00 Track Sessions

Ballroom A
Advances in the Use of CC (A23)
ALC
Moderator: Alan Sukert, HIT Chair, IEEE-ISTO Printer Working Group, United States

15:30 Implementing Life Cycle & Supply Chain Controllability in SME (A23a) Ellen Wesselingh, Senior Security Architect, Fox-IT, Netherlands


16:00 Results and Experience of the First Pilot on Patch Management (ALC_PAM) in BSI (A23b) Michael Meissner, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany


16:30 ISCI WG1 Work on ALC Improvements (and More) (A23c) Monique Bakker, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands

Ballroom B
CC in New Domains (D23)
Selected Topics
Moderator: Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany

15:30 Dedicated Security Components iTC Update (D23a) Brian Wood, Program Manager, Google, United States


16:00 MDM Server Certification Without NIAP’s MDM PP (D23b) Michael Vogel, Managing Director, atsec Information Security, Germany


16:30 Cybersecurity Maturity Model Certification (CMMC) Overview (D23c) Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

Ballroom C
Meeting Customer Requirements (M23)
Post-Quantum
Moderator: Sylvain Guilley, CTO, Secure-IC, France

15:30 Post-Quantum vs. AVA_VAN (M23a) Markku-Juhani Saarinen, Staff Cryptography Architect, PQShield, United Kingdom


16:00 Post Quantum Cryptography: A Quintessential Quagmire (M23b) Matthew Downey, Technical Lead, National Information Assurance Partnership (NIAP), United States


16:30 Developing the Evaluation Methodology Document for Prepare and Measure Quantum Key Distribution Modules (M23c) Kenji Yamaya, CC Manager, ECSEC Laboratory Inc, Japan

Thursday 2 November

08:00 - 09:00 Coffee

Ballroom Foyer

09:00 - 10:30 Track Sessions

Ballroom A
Advances in the Use of CC (A30)
Selected Topics
Moderator: Monique Bakker, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands

09:00 Common Criteria as a Way to Secure Quantum Communication in Europe (A30a) Anna Prudnikova, Team Manager – Products Security, Secura Bureau Veritas, Netherlands


09:30 The Well-Documented Code: The Case for Generating Design Documentation from the Source Code (A30b) Dietmar Rosenthal, Lead Expert Source Code Analysis, TÜV Informationstechnik GmbH, Germany


10:00 Certification Requirements of a Common Criteria Certification of a General Purpose Operating System Vendor (A30c) Knut Trepte, Senior Product Manager Product Security, SUSE Linux, Germany

Ballroom B
CC in New Domains (D30)
Applications in Other Domains
Moderator: Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany

09:00 Cybersecurity Evaluation for Open RAN Components of 5G System (D30a) Elżbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Dr. Piotr Krawiec, National Institute of Telecommunications, State Research Institute


09:30 Adaptation of Common Criteria Methodology to the Security Evaluation of Industrial Automation and Controls Systems – Theory Basics and Case Study (D30b) Dariusz Rogowski, ITSEF Manager, Łukasiewicz Research Network – Institute of Innovative Technologies EMAG, Poland; Rafal Kurianowicz, Senior Technical Specialist, Łukasiewicz Research Network – Institute of Innovative Technologies EMAG, Poland


10:00 Bridging the Gap in IoT Certification: A Vendor Analysis When Stepping Up from SESIP to Common Criteria (D30c) Georg Stütz, Cybersecurity Certification Expert, NXP Semiconductors, Austria

Ballroom C
Updates from Schemes and iTCs (U30)
Crypto
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

09:00 CCDB Crypto Working Group Report (U30a) James Dondelinger, CC Validator, The Aerospace Corporation, United States; Frank Grefrath, CC Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany


09:30 What to Do About Entropy? (U30b) Lisa Rabe, Security Research Engineer, Cisco, United States


10:00 The New Cryptographic Evaluation Methodology Created by CCN and How to Apply It for Common Criteria (U30c) Jose Ruiz Gualda, CTO, jtsec Beyond IT Security, Spain

10:30 - 10:45 Networking Break

Ballroom Foyer

10:45 - 12:15 Track Sessions

Ballroom A
Advances in the Use of CC (A31)
Hot in US
Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States

10:45 SBOM the Good, the Bad, and the Ugly (A31a) Michael Angelo, Chief Security Architect, OpenText, United States


11:15 Common Criteria, the Building Blocks for Commercial Solutions for Classified (CSfC) (A31b) Chris Gugel, Lab Director, Booz Allen Hamilton, United States


11:45 DoDIN APL a Logical Extension to the Common Criteria Evaluation (A31c) Herbert E Markle, CC Technical Director and Lead DoDIN APL Consultant, Booz Allen Hamilton, United States

Ballroom B
Cybersecurity Certification Schemes Landscape (L31)
Alternative Use
Moderator: Monique Bakker, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands

10:45 Application of Common Criteria in Cooperative Intelligent Transportation Systems (L31a) Diego Sierra Liras, Common Criteria Service Manager, DEKRA Product Testing & Certification S.A.U, Spain


11:15 Panel Discussion: New Certification Schemes Based on Common Criteria (L31b) Leader: Michael Grimm, Principal Security Program Manager, Microsoft, United States; Georg Stütz, Cybersecurity Certification Expert, NXP Semiconductors, Austria; Wouter Slegers, Program Director, ICCC and CEO, TrustCB, Netherlands; Nils Tekampe, IT Consultant, Konfidas, Germany [60MIN]

Ballroom C
Updates from Schemes and iTCs (U31)
iTCs
Moderator: Kwangwoo Lee, Security Architect, HP, South Korea

10:45 Network Device iTC Update (U31a) Kristy Knowles, Technical Leader, Cisco, United States


11:15 Advancing Hardcopy Device Security Standards: HCD iTC Update (U31b) Alan Sukert, HIT Chair, IEEE-ISTO Printer Working Group, United States; Kwangwoo Lee, Security Architect, HP, South Korea


11:45 10 Years DBMS (i)TC—The Past, the Present, the Cloud (U31c) Anantha Kandiah, Engineering Director, Teron Labs, Australia; Wolfgang Peter, Principal Security Program Manager, Microsoft, Germany

12:15 - 12:30 Networking Break

Ballroom Foyer

12:30 - 13:35 Closing Plenary Session

Ballroom BC

12:30 Summary Panel Discussion: Growing Common Criteria–How Do We Help End Users Understand the Value of Certification? (P32a) Leader: Wouter Slegers, Program Director, ICCC and CEO, TrustCB, Netherlands; Eugene Liderman, Director Mobile Security Strategy, Google, United States; Petra Manche, CCUF Management Group Chair and Common Criteria Manager, Cisco, United Kingdom; Shaunak Shah, CCTL Manager, Intertek Acumen Security, United States; Peter van Swieten, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands

13:30 Announcement of ICCC24 (P32b)

13:35 Adjourn