09:00 Introduction & Welcome (P10a) Wouter Slegers, Program Director, ICCC and CEO, TrustCB, Netherlands
09:10 Government Keynote (P10b) David Luber, Deputy Director, Cybersecurity Directorate, National Security Agency (NSA), United States
09:40 Industry Keynote: The Only Constant is Change (P10c) Mary Ann Davidson, CSO, Oracle, United States
11:00 CCDB/CCMC Update (P11ab) Jon Rolf, Director, National Information Assurance Partnership (NIAP), National Security Agency (NSA), United States; Tiziano Inzerilli, Agenzia per la Cybersicurezza Nazionale Organismo di Certificazione della Sicurezza Informatica, Italy
11:30 CCUF Update (P11c) Petra Manche, Common Criteria Manager, Cisco and CCUF Management Group Chair, United Kingdom
11:45 Plenary Panel Discussion: EUCC (P11d) Leader: Jose Ruiz Gualda, CTO, jtsec Beyond IT Security, Spain; Philippe Blot, Head of Sector Certification, ENISA, Greece; Elżbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Monique Bakker, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands; Franck Leroy, Chief Conformity Officer, IN Groupe, France [60MIN]
Advances in the Use of CC (A12) Biometrics |
Moderator: Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain |
14:15 Spanish Initiatives on the Security Evaluation and Certification of Biometric Products (A12a) Belen Fernandez, Certifier, CCN, Spain
14:45 Biometrics iTC Status update (A12b) Brian Wood, Program Manager, Google, United States
Updates from Schemes and iTCs (U12) Scheme Updates |
Moderator: Petra Manche, Common Criteria Manager, Cisco and CCUF Management Group Chair, United Kingdom |
14:15 U.S. Scheme Update (U12a) Jon Rolf, Director, National Information Assurance Partnership (NIAP), National Security Agency (NSA), United States
14:45 Spain Scheme Update (U12b) Luis Fernandez, Certifier, CCN, Spain
Meeting Customer Requirements (M12) Vulnerability Handling |
Moderator: Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands |
14:15 Panel Discussion: Vulnerability Handling and Disclosure, Assurance Continuity Processes (M12a) Leader: Matthias Intemann, Head of Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Dan O’Loughlin, VP Engineering, Qualcomm Technologies, United States; Javier Tallón, Co-Founder & Chief Operations Officer & Technical Director, jtsec Beyond IT Security, Spain; Henry Tan, Deputy Director/Cybersecurity Certification Centre, Cyber Security Agency (CSA), Singapore [60MIN]
Advances in the Use of CC (A13) Hardware Attacks |
Moderator: Markus Bartsch, Business Development IT Security, TUV Informationstechnik GmbH, Germany |
15:45 Rock Around the Hardware Attack Automation (A13a) Guillaume Vinet, Security Analyst, eShard, France
16:15 Common Criteria Vulnerability Quotation System versus High-Order Side-Channel Attacks (A13b) Sylvain Guilley, CTO, Secure-IC, France
16:45 CC 2022 in Action: Securing Cryptographic Protocols and Their Implementations (A13c) Ritu Ranjan Shrivastwa, Certification and Standardization Program Manager, Secure-IC, France
Updates from Schemes and iTCs (U13) Scheme Updates |
Moderator: Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain |
15:45 NL Scheme Update Including EUCC (U13a) Glenn Wever, Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands
16:15 Germany Scheme Update (U13b) Fritz Bollmann, Head of Software Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
16:45 Assurance Continuity—Filling the Gap Between Maintenance and Re-certification (U13c) Christian Krause, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
Meeting Customer Requirements (M13) Certificates |
Moderator: Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands |
15:45 2023 CC Statistics Report “Has Common Criteria Reached Its Peak?” (M13a) Jose Manuel Pulido Carrillo, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain
16:15 Panel Discussion: Challenges to Common Criteria Mutual Recognition (M13b) Leader: Robert Harland, Common Criteria Operations Manager, Canadian Centre for Cyber Security (CCCS), Canada; Panelists: Jon Rolf, Director, National Information Assurance Partnership (NIAP), National Security Agency (NSA), United States; Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands; Matthias Intemann, Head of Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Robert Lee, Senior Assistant Director, Cyber Security Agency (CSA), Singapore [60MIN]
2023 Common Criteria Certificate Presentation Ceremony (P14) London Room Host: Robert Clemons, Independent Consultant, United States
Participants will have the opportunity to be photographed receiving their CC certificates from the national schemes.
Enjoy an informal group dinner at Cube Libre Restaurant with your ICCC colleagues on Tuesday, October 31. This is an optional add-on to the 3-day conference registration. For an additional fee you can reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group at 19:15 at the conference registration desk and depart from there.
Advances in the Use of CC (A20) Cloud |
Moderator: Thomas Billeau, Director – Head of SE Security Certification, NXP Semiconductors, Germany |
09:00 Update on the Common Criteria in the Cloud Technical Working Group (A20a) Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States
09:30 Experiences Evaluating Cloud Services and Products (A20b) Javier Tallón, Technical Director, jtsec Beyond IT Security, Spain
10:00 Silver Linings: Cloud Seeding for Common Criteria (A20c) Brandon Harvey, Principal Security Analyst, Oracle, United States
Updates from Schemes and iTCs (U20) EUCC Updates |
Moderator: Jose Ruiz Gualda, CTO, jtsec Beyond IT Security, Spain |
09:00 Update on EUCC (U20a) Philippe Blot, Head of Sector Certification, ENISA, Greece
09:30 Possible Evolution of the EUCC (U20b) Philippe Blot, Head of Sector Certification, ENISA, Greece
10:00 Implementation of and Transition to EUCC (U20c) Wouter Slegers, Program Director, ICCC and CEO, TrustCB, Netherlands
Cybersecurity Certification Schemes Landscape (L20) CC:2022 |
Moderator: Angela Soum, National Information Assurance Partnership (NIAP), United States |
09:00 Multi Assurance/Assurance Profiles Evaluation Paradigm: Modularity and Composition Models in CC: 2022 (L20a) Jose Emilio Rico, Business Development and Strategy, DEKRA Testing and Certification S.A.U., Spain
09:30 ISO/IEC 15408:2022 Moving Forward (L20b) Leader: Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain; Kwangwoo Lee, Security Architect, HP, South Korea; Susanne Pingel, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Carolina Lavatelli, CTO & Founder, Internet of Trust, France [60MIN]
Advances in the Use of CC (A21) Cloud |
Moderator: Erin Connor, Consultant, Daideo Consulting, Canada |
11:00 Mobility in Cloudy Weather: Evaluating Cloud Products using NIAP’s Mobile Device Management PP (A21a) Jade Stewart, Portfolio Manager, National Information Assurance Partnership (NIAP), United States
11:30 Panel Discussion: Common Criteria in the Cloud (A21b) Leader: Erin Connor, Consultant, Daideo Consulting, Canada; Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States; Michael Angelo, Chief Security Architect, OpenText, United States; Anne Gugel, Principal Cybersecurity Engineer, Johns Hopkins University APL, United States; Justin Fisher, Senior Security Assurance Engineer, Leidos, United States
Updates from Schemes and iTCs (U21) Scheme Updates |
Moderator: Hitoshi Matsumoto, JISEC IPA, Japan |
11:00 Japan Scheme Update (U21a) Toru Hashimoto, Assistant Manager, IPA, Japan
11:30 Australian Common Criteria Scheme Updates (U21b) Hin Chan, Manager – Australian Certification Authority (ACA), Australian Cyber Security Centre, Australia
12:00 Evolution of Malaysia Common Criteria (U21c) Amiroul Farhan Roslaini, Analyst, CyberSecurity Malaysia, Malaysia
Cybersecurity Certification Schemes Landscape (L21) CC:2022 |
Moderator: Alan Sukert, HIT Chair, IEEE-ISTO Printer Working Group, United States |
11:00 ISO/IEC 15408:2022 Moving Forward, Continued (L21a) Leader: Elżbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Kwangwoo Lee, Security Architect, HP, South Korea; Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain; Susanne Pingel, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
11:30 CC:2022 – How it Compares and Differs from CC3.1R5 (L21b) Trang Huynh, CC Lab Manager, atsec information security corporation, United States
12:00 Practical Transition from CCv3.1 to CC: 2022 (L21c) Wouter Slegers, CEO, TrustCB, Netherlands
Advances in the Use of CC (A22) Composition and PPs |
Moderator: Petra Manche, Common Criteria Manager, Cisco and CCUF Management Group Chair, United Kingdom |
13:30 Challenges in the Adoption of CC:2022 for Protection Profiles, PP Modules and Functional Packages (A22a) Alejandro Masino, Senior Security Consultant, atsec information security corporation, United States
14:00 PP-Modules and the Growth of Requirements—Will Decomposition Be a Boon or a Bane? (A22b) Brian Wood, Program Manager, Google, United States
14:30 Differences Between NDcPP v.2.2e and v.3.0 (A22c) Shaunak Shah, CCTL Manager, Intertek Acumen Security, United States
CC in New Domains (D22) AI |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
13:30 Innovating CC: The Use of ChatGPT in Drafting Protection Profiles and Security Targets (D22a) Roland Atoui, Managing Director, Red Alert Labs, France
14:00 Challenge of CC in New Technology: Experience in Evaluating AI Using Common Criteria (D22b) Lex Schoonen, SGS Brightsight, Netherlands; Thomas Jorgensen, SGS Brightsight, Netherlands
14:30 Evaluation of Evaluation Facilities (D22c) Jürgen Blum, Policy Officer, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
Meeting Customer Requirements (M22) Cryptographic Standards |
Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States |
13:30 Customer-Provided Entropy Provision for Virtual Machines in Hypervisor Environments (M22a) Rumman Mahmud, Staff 2 Security Compliance Engineer, VMware, Inc., United States
14:00 Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (M22b) Leader: Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom; Tim Hall, Security Testing, Validation, and Measurement Manager, National Institute of Standards and Technology (NIST), United States; Carolyn French, Manager of Product Assurance and Standards, Canadian Centre for Cyber Security (CCCS), Canada; Markku-Juhani Saarinen, Staff Cryptography Architect, PQShield, United Kingdom; Yi Mao, Managing Director, atsec information security corporation, United States [60MIN]
Advances in the Use of CC (A23) ALC |
Moderator: Alan Sukert, HIT Chair, IEEE-ISTO Printer Working Group, United States |
15:30 Implementing Life Cycle & Supply Chain Controllability in SME (A23a) Ellen Wesselingh, Senior Security Architect, Fox-IT, Netherlands
16:00 Results and Experience of the First Pilot on Patch Management (ALC_PAM) in BSI (A23b) Michael Meissner, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
16:30 ISCI WG1 Work on ALC Improvements (and More) (A23c) Monique Bakker, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands
CC in New Domains (D23) Selected Topics |
Moderator: Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany |
15:30 Dedicated Security Components iTC Update (D23a) Brian Wood, Program Manager, Google, United States
16:00 MDM Server Certification Without NIAP’s MDM PP (D23b) Michael Vogel, Managing Director, atsec Information Security, Germany
16:30 Cybersecurity Maturity Model Certification (CMMC) Overview (D23c) Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States
Meeting Customer Requirements (M23) Post-Quantum |
Moderator: Sylvain Guilley, CTO, Secure-IC, France |
15:30 Post-Quantum vs. AVA_VAN (M23a) Markku-Juhani Saarinen, Staff Cryptography Architect, PQShield, United Kingdom
16:00 Post Quantum Cryptography: A Quintessential Quagmire (M23b) Matthew Downey, Technical Lead, National Information Assurance Partnership (NIAP), United States
16:30 Developing the Evaluation Methodology Document for Prepare and Measure Quantum Key Distribution Modules (M23c) Kenji Yamaya, CC Manager, ECSEC Laboratory Inc, Japan
Advances in the Use of CC (A30) Selected Topics |
Moderator: Monique Bakker, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands |
09:00 Common Criteria as a Way to Secure Quantum Communication in Europe (A30a) Anna Prudnikova, Team Manager – Products Security, Secura Bureau Veritas, Netherlands
09:30 The Well-Documented Code: The Case for Generating Design Documentation from the Source Code (A30b) Dietmar Rosenthal, Lead Expert Source Code Analysis, TÜV Informationstechnik GmbH, Germany
10:00 Certification Requirements of a Common Criteria Certification of a General Purpose Operating System Vendor (A30c) Knut Trepte, Senior Product Manager Product Security, SUSE Linux, Germany
CC in New Domains (D30) Applications in Other Domains |
Moderator: Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany |
09:00 Cybersecurity Evaluation for Open RAN Components of 5G System (D30a) Elżbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Dr. Piotr Krawiec, National Institute of Telecommunications, State Research Institute
09:30 Adaptation of Common Criteria Methodology to the Security Evaluation of Industrial Automation and Controls Systems – Theory Basics and Case Study (D30b) Dariusz Rogowski, ITSEF Manager, Łukasiewicz Research Network – Institute of Innovative Technologies EMAG, Poland; Rafal Kurianowicz, Senior Technical Specialist, Łukasiewicz Research Network – Institute of Innovative Technologies EMAG, Poland
10:00 Bridging the Gap in IoT Certification: A Vendor Analysis When Stepping Up from SESIP to Common Criteria (D30c) Georg Stütz, Cybersecurity Certification Expert, NXP Semiconductors, Austria
Updates from Schemes and iTCs (U30) Crypto |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
09:00 CCDB Crypto Working Group Report (U30a) James Dondelinger, CC Validator, The Aerospace Corporation, United States; Frank Grefrath, CC Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
09:30 What to Do About Entropy? (U30b) Lisa Rabe, Security Research Engineer, Cisco, United States
10:00 The New Cryptographic Evaluation Methodology Created by CCN and How to Apply It for Common Criteria (U30c) Jose Ruiz Gualda, CTO, jtsec Beyond IT Security, Spain
Advances in the Use of CC (A31) Hot in US |
Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States |
10:45 SBOM the Good, the Bad, and the Ugly (A31a) Michael Angelo, Chief Security Architect, OpenText, United States
11:15 Common Criteria, the Building Blocks for Commercial Solutions for Classified (CSfC) (A31b) Chris Gugel, Lab Director, Booz Allen Hamilton, United States
11:45 DoDIN APL a Logical Extension to the Common Criteria Evaluation (A31c) Herbert E Markle, CC Technical Director and Lead DoDIN APL Consultant, Booz Allen Hamilton, United States
Cybersecurity Certification Schemes Landscape (L31) Alternative Use |
Moderator: Monique Bakker, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands |
10:45 Application of Common Criteria in Cooperative Intelligent Transportation Systems (L31a) Diego Sierra Liras, Common Criteria Service Manager, DEKRA Product Testing & Certification S.A.U, Spain
11:15 Panel Discussion: New Certification Schemes Based on Common Criteria (L31b) Leader: Michael Grimm, Principal Security Program Manager, Microsoft, United States; Georg Stütz, Cybersecurity Certification Expert, NXP Semiconductors, Austria; Wouter Slegers, Program Director, ICCC and CEO, TrustCB, Netherlands; Nils Tekampe, IT Consultant, Konfidas, Germany [60MIN]
Updates from Schemes and iTCs (U31) iTCs |
Moderator: Kwangwoo Lee, Security Architect, HP, South Korea |
10:45 Network Device iTC Update (U31a) Kristy Knowles, Technical Leader, Cisco, United States
11:15 Advancing Hardcopy Device Security Standards: HCD iTC Update (U31b) Alan Sukert, HIT Chair, IEEE-ISTO Printer Working Group, United States; Kwangwoo Lee, Security Architect, HP, South Korea
11:45 10 Years DBMS (i)TC—The Past, the Present, the Cloud (U31c) Anantha Kandiah, Engineering Director, Teron Labs, Australia; Wolfgang Peter, Principal Security Program Manager, Microsoft, Germany
12:30 Summary Panel Discussion: Growing Common Criteria–How Do We Help End Users Understand the Value of Certification? (P32a) Leader: Wouter Slegers, Program Director, ICCC and CEO, TrustCB, Netherlands; Eugene Liderman, Director Mobile Security Strategy, Google, United States; Petra Manche, CCUF Management Group Chair and Common Criteria Manager, Cisco, United Kingdom; Shaunak Shah, CCTL Manager, Intertek Acumen Security, United States; Peter van Swieten, Senior Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands
13:30 Announcement of ICCC24 (P32b)