Program – Full (With Tab Name)

Traditionally verification in automotive was centered around safety, protection against unintentional problems. Now it is time to look at security, or how do we protect against intentional problems? We show... Read More

IoT systems become highly dynamic and configurable raising evaluation difficulties. They have multiple components with different robustness levels. Connect the components’ security functions during integration is essential. Our “Lego” methodology... Read More

The topic of this presentation is the current approach for composite evaluations (where a hardware platform is evaluated separately from the software running on the hardware) and its failure to... Read More

The aim of this presentation is providing an overview of the compositional security certification methodology to be used in the scope of MILS (Multiple Independent Levels of Security) evaluations and... Read More

Distributed products evaluated under the Common Criteria paradigm have their own set of unique challenges. The Network Device iTC has supported distributed TOEs since the release of Network Device Collaborative... Read More

The FIDO Alliance, a 250+ member association developing specifications and certification programs for simpler, stronger authentication, announced back in March 2018 the expansion of its certification program to include multi-level... Read More

This session will present a new approach – BSZ – in the German scheme (comparable to CSPN in France) which aims at providing assurance while drastically reducing both time as... Read More

GlobalPlatform will present the use of Common Criteria to build a Trusted Execution Environment (TEE) security scheme. The speech will cover; Lessons learnt within the TEE ecosystem, The latest evaluation... Read More

Common? C’mon! Over the years, the CC have struggled to establish a common understanding of where the bars shall be positioned that products must clear for a certain certification level.... Read More

The concept of PP-Modules was added to the CC in 2017. The first PP-Modules are just now being written and published for public consumption. As a new concept, vendors and... Read More

The speakers will showcase tooling that is freely available to the Common Criteria community on GitHub at https://github.com/commoncriteria. Major contributions include: (1) Development of a formally-defined XML schema that provides... Read More

More and more standards include the requirement for cryptographic agility. Although, these are just two simple words, they have a significant impact on how systems are designed around cryptographic algorithms.... Read More

The car industry’s digital transformation exposes new cybersecurity threats. In order to solve this, various standardizations on automotive cybersecurity are in progress, the most representative of which are the UNECE... Read More

Eurosmart ITSC, the evolution towards evaluation of HW IP blocks and the importance of vulnerability analysis and pen-testing against a properly defined PP to guarantee a high-level of security assurance. 

Conciliating product-based security and IP-protected third-party supplies has become a cornerstone for certification schemes in many sectors. Chip manufacturers, for example, are looking to protect their IP from software providers... Read More

The next CC version will incorporate the Composite evaluation methodology as it has been already successfully used for decades within the domain of smart cards and similar devices. Composition evaluations... Read More

EAL6 certifications have recently gained terrain. With CCv4 within reach and with an extensive experience in formal evaluations, the French and German schemes are proposing a formal methods usage approach... Read More

Session Description TBA  

The Common Criteria has been a framework for product evaluation of security functions since its inception in the late 1990s. As DevOps became the trend for development of agile cloud... Read More

I know, I know: some of us come to the ICCC to complain that the CC only meets 1, maybe 2 of these goals. For possibly more years than we... Read More

During the 1990’s the introduction of the internet, web browser, email and resulting electronic services led to an initial commercialization wave of crypto and security technologies. During this time security... Read More

Is it possible to establish a confidential assurance environment that will allow independent 3rd party evaluators to conduct software security analysis of vendor proprietary (sensitive) software, while preserving the confidentiality... Read More

Within the smartcard and similar devices domain, the site audit must complain to MSSR (Minimum Site Security Requirements). Some of the developer applications to be considered are no more hosted... Read More

The COVID-19 pandemic crisis that hit the world in 2020, forced many companies to enable remote working opportunities to continue their operation while minimizing the amount of staff that had... Read More

As one of the first iTCs, the Network iTC has received a list of comments from the Common Criteria Maintenance Board (CCMB) on its supporting documents for the NDcPP and... Read More

CCCAB (Common Criteria Conformity Assessment Body) Tool is a unique framework that will allow Common Criteria CABs to smooth the certification process for ICT products, reducing the cost and time... Read More

New concepts and changes in the 2022 edition of the CC standard. CC revision by ISO has generated lot of expectations since the process started back in 2016. With the... Read More

In this presentation the speaker will address one of the main challenges of CC evaluation/certification of mobile SOC’s and integrated SE’s. The current timelines for testing of the SOC are... Read More

In recent years, the CC community has intensely discussed the pros and cons of source code analysis as part of CC evaluations. There have been numerous concerns about losing intellectual... Read More

Generating and validating a security target has historically been a thankless, tedious, and error prone endeavor. NIAP’s automation effort strives to turn this months-long slog into a pain free guided... Read More

ITSEF of Łukasiewicz-EMAG Institute has finished the first pilot evaluation for software TOE (EAL 4+) within the Polish Common Criteria evaluation scheme. The Polish evaluation scheme resulted from an R&D... Read More

Quantum Key Distribution (QKD), which enables information theoretically secure key establishment, is about to be put into practical use. Security evaluation and certification of QKD modules are under standardization process... Read More

AI/ML based solutions provide machines with intelligence where these solutions have the ability to process input from big data sets and provide outcomes. This is basically a prediction based on... Read More

Soft-IP cores facilitate chip development with reusable hardware blocks. Reuse of Soft-IP evaluation results has been experimented with, but there is no widely accepted practice. The Eurosmart Soft-IP taskforce prepares... Read More

To support a smooth and efficient evaluation of Integrated Secure Elements compliant to PP-0117 (also called the Secure Sub-System (3S) in SoC), ISCI-WG1 and JHAS have collaborated in developing several... Read More

Starting in 2019 with Android 9, Google started to evaluate Pixel devices to the requirements of the PP_MDF. While this directly supports Google in showing Pixel devices as capable of... Read More

This presentation will outline the required steps to assess an entropy source including design analysis, entropy justification, and health testing to meet Common Criteria requirements from the NDcPP based on... Read More

n-doc is an open source platform for creating developer CC documentation. n-doc produces high quality PDF files with generated hyperlinks for easy navigation. n-doc consists of LaTeX macros, Lua programs,... Read More

Common Criteria and LINCE (i.e., Essential National Security Certification) are the two evaluation methodologies used by the Spanish Scheme to certify the security of IT products. However, these methodologies are... Read More

On October 25, NIAP’s first public Cloud evaluation “kicked-off” – Microsoft Intune conforming to NIAP’s Mobile Device Management Protection Profile version 4.0 and Mobile Device Management Agent PP module version... Read More

An expert discussion on the status and outlook for Common Criteria in the cloud.

The new version of Common Criteria includes new entities in its conceptual model, most of them based on the evolution of the NIAP’s evaluations (PP configurations, PP modules, Functional Packages,... Read More

PP-Modules and Functional Packages ensure common requirements across different product types, which is great and as it should be. Yet at the same time, this has led to an increase... Read More

This talk discusses the implementation of a measurable life cycle in a medium-sized company specializing in high-tech secure communication solutions. The company has developed and implemented models, processes, and tools... Read More

A high level of trustworthiness in CC certifications require high evaluation efforts, since proven security can only be based on knowledge and facts, not on trust. An unjustified criticism of... Read More

In their talk, the speakers will discuss how the implementation of Common Criteria will contribute to the growth of Europe’s industrial ecosystem for quantum communication technologies and systems. They will... Read More

The typical developer will document their source code reasonably well, at times substituting code comments for formal documentation entirely. Still, little effort is taken to generate documentation for evaluations from... Read More

Meeting Customers Expectations and Requirements in times of dramatically changing legal and technological environment is not easy. Upcoming legislation and regulation changes in Europe meet changes in the United States... Read More

Over the past two years, we have seen numerous failings of products due to issues within their software supply chain. Unfortunately, supply chains have become a key attack vector. Supply... Read More

Overview of the Commercial Solutions for Classified (CSfC) program’s structure and value to its end customer community, and this program’s reliance on layered security provided by multiple CC certified products.... Read More

Overview the Department of Defense Information Network (DoDIN) Approved Products List (APL) certification as a DoD procurement requirement for hardware products. Compared and contrasted the objectives of CC and DODIN... Read More

This expert discussion covers the status and outlook of vulnerability handling. Common Criteria (CC) addresses vulnerability handling through a combination of security requirements and evaluation activities. CC primarily focuses on... Read More

Confidential computing provides protection to data during processing, particularly for data being processed in a cloud or mobile environment. Beyond that, the definitions vary from vendor to vendor. This talk... Read More

Tracking known vulnerabilities in open-source libraries as Common Vulnerabilities and Exposures (CVE), and distribution via special databases such as those hosted by MITRE, has been the de-facto standard for supply... Read More

NIAP started a SBOM pilot on 1st March 2024 (Policy 30) for NIAP’s Application Software Protection Profile. The purpose of this project is the usage of SBOMs for vulnerability analysis... Read More

A project on the evaluation of AI-based technology has been accepted in ISO/IEC JTC 1 SC 27 Information security, cybersecurity, and privacy protection WG3 – Security Evaluation, Testing and Specification.... Read More

This expert panel covers the intersection of artificial intelligence and Common Criteria. AI systems introduce unique security risks like adversarial attacks that manipulate training data or exploit vulnerabilities in the... Read More

Information assurance (IA) of confidentiality, integrity, accountability, and privacy is achieved by third-party evaluation based on internationally accepted security standards such as Common Criteria. This talk tackles how IA methodology... Read More

High assurance evaluation of TOEs not included in known technical domains (Smartcards or security boxes) faces the additional challenge of creating evaluation, attack, and test methodologies. These challenges are greater... Read More

The Common Criteria in the Cloud Technical Community (CCitC TC) has authored guidance for protection profile authors who wish to expand the scope of their PPs to add cloud platforms.... Read More

This talk explores the ongoing efforts to evolve and enhance the collaborative Protection Profile for Database Management Systems (cPP_DBMS) to support cloud architectures. It will delve into the key changes... Read More

Tools for code review are commonly used to allow developers to identify bugs and bad programming habits. They are often provided as a service through a third-party cloud infrastructure, posing... Read More

NIAP is in the process of certifying its first Cloud product using the Mobile Device Management (MDM) Protection Profile. This talk will discuss the challenges of this certification (from a... Read More

This expert panel surveys the challenges posed by the trend to native cloud migration. Under native cloud migration, applications are revamped to truly function in the cloud environment. Native cloud... Read More

This talk will explore the integration of post-quantum cryptography into the Common Criteria framework. It examines evolving CC evaluation criteria, algorithmic diversity, and certification processes amidst the quantum computing revolution.... Read More

ANSSI, as a certification body, licenses their ITSEFs. Along the process of licensing the ITSEFs (including audits), challenges are regularly organized, which can be based on hardware, software, or crypto... Read More

With the new version of Common Criteria in force, there is a need to align the Protection Profiles contents used in certification. This talk discusses the main aspects to be... Read More

Integrating AI into Common Criteria (CC) evaluations could significantly benefit vendors and laboratories by streamlining processes and improving accuracy. Vendors could use AI for pre-assessment, ensuring products meet security requirements... Read More

Malaysian has been using biometric fingerprint since 2001 when MyKAD first introduced. In the next few years, we envision a whopping change in trend since the other biometric modalities have... Read More

COVID-19 outbreak has brought difficulties and new challenges to the entire industry, including CC evaluations and certifications. Maintaining the CCRA terms in this new pandemic scenario is crucial, for which... Read More

Side-channel evaluation relies, for CC labs, on the lab expertise. However, owing to the dissemination of SCA requirements, a formal methodology is welcomed. Pioneering work done in ISO/IEC 17825 —... Read More

We start from a question: How do we rate overall attack resistance level of a solution which is subjected to software exploitation attacks? In this presentation, we discuss solutions currently... Read More

Common Criteria (CC) or ISO/IEC 15408 allows the certification of the assurance of IT products. The standard has proven to be flexible for high-security use-cases especially for secure elements, security... Read More

Evolution of the management of the changes in Common Criteria through the work of the ISCI WG1 “Changing certified products” subgroup and Thematic Group 5: “Continuity assurance and handling of... Read More

U.S. government agencies need to quickly and affordably assess whether their mobile apps are compliant to NIAP’s Protection Profile for Application Software. A pilot conducted by DHS proved automated app-vetting... Read More

The Internet of Things (IoT) has the potential to connect everything with everything else even in the automotive sector: Vehicles are increasingly connected to backend services and corresponding business models.... Read More

The Car Connectivity Consortium (CCC) consisting of over 150 members has developed a protection protocol to securely store, authenticate, and share digital keys in mobile devices and vehicles. The CCC... Read More

Since July 2022, vehicle manufacturers who aim to place their new vehicles in countries including the EU, UK, Japan, South Korea and others, need to have their vehicles type-approved in... Read More

An important aspect of standards work for 3D printing is the aspect of software security as it pertains to the Digital Additive Manufacturing process thread. Currently there is internationally recognized... Read More

Presented is an advanced application of the Common Criteria that has led to the development of a Protection Profile for a Quantum Computer. Specifically, we address the security requirements that... Read More

Common Criteria in its over two decades existence has seen many technology changes. Quantum crypto is just one of them – though could be a major one. While Quantum crypto... Read More

Looking at comparisons of on-premises and cloud revenue for a Database Management System (DBMS) published by Gartner et al., you will see a dramatic push from on-premises to cloud over... Read More

Hardware Security Modules (HSMs) become increasingly important in providing the root of trust for a variety of digital services. Today, HSMs safeguard multiple markets from banking, telecom and enterprise to... Read More

The interest for lightweight certifications is increased by the industry in order to provide “quicker” assurance for its products. This talk aims to give a panorama on the different lightweight... Read More

Presentation attacks are a severe threat to biometric systems—artificial fingers fool fingerprint sensors, photographs printed on paper bypass facial recognition systems. Presentation Attack Detection (PAD) mechanisms are often in place,... Read More

There are currently a large number of biometric solutions on the market, which are increasingly being applied in key sectors such as banking, public administration and insurance. In Spain, last... Read More

An update on the current status of the BIO-iTC. The two main topics will be the ongoing work on defining requirements for Continuous Multifactor Authentication and updates related to the... Read More

The OpenTitan project is the first transparently developed silicon root of trust (RoT) reference design – for both discrete and integrated solutions. We will describe the unique benefits of openness... Read More

This expert panel discussion will focus on the growing problem of multiplicity of standards.

The security of mobile networks is as important as it’s ever been and with the advent of 5G, networks consider it part of critical infrastructure. Equipment Vendor Manufacturers looking to... Read More

Protection Profile for Mobile Device Fundamentals has been used for many years in CC evaluations. ETSI has recently published a PP for Consumer Mobile Device (CMD). How does that affect... Read More

FIPS Approved and NIST recommended cryptographic algorithms are integral to a successful PP-based Common Criteria evaluation. Several impactful NIST algorithm transitions are taking place which could add significant risk to... Read More

Imagine a scenario where one is tasked with drafting a Protection Profile (PP) or Security Target (ST) that must align with the rigorous Common Criteria (CC) standards. The process involves... Read More

Artificial Intelligence is taking the world like a storm. AI is also very different from conventional Common Criteria evaluations where it is mainly focused on products. This talk explores the... Read More

The qualification of the lab which performs a CC evaluation is absolutely crucial for the level of assurance you will get. The International Common Criteria Recognition Agreement (CCRA) and the... Read More

This talk will provide an update on the work of the DSC iTC over the last year. The topics will include: – Current status of updates to feedback from the... Read More

There is a noticeable rise in the demand for certifications of MDM Trusted Servers against BSI-CC-PP-0115/0116 on EAL4+(ALC_FLR.3), which aligns with EUCC requirements. The following points will be addressed during... Read More

An overview of the supply chain cybersecurity program of the US Department of Defense.

Open RAN technology (and in general multi-vendor mobile network) is a novel approach for the building of mobile networks that assumes the open definition of interfaces for the separation of... Read More

This talk shows how CC and CEM can be adapted to the security evaluation of industrial automation and control systems (IACS). The IACS are often used in critical infrastructures like... Read More

This talk examines the transition from the Security Evaluation for Secure IoT Platforms (SESIP) to the more stringent Common Criteria, focusing on the challenges faced by vendors. While a single... Read More

ETSI has published TS 103 732-1, the Consumer Mobile Device PP, along with a set of PP-Modules (TS 103 732-2 Biometrics, TS 103 732-3 Multi-user, TS 103 732-4 Preloaded Apps,... Read More

Under ENISA’s EU5G activities, eUICC certification in the EUCC scheme has been optimized to streamline processes while ensuring high security. These improvements include streamlined applet certification, alignment with the GSMA... Read More

With the implementation of the European Union’s Digital Identity Wallet (EUDI) underway, soon every person living in the EU will have a digital identity applet stored on their smartphone. This... Read More

In today’s rapidly evolving regulatory landscape, the need for robust IoT security has never been more critical. This talk will delve into the pivotal role of EN 17927 (Security Evaluation... Read More

The Common Criteria standard is often criticized for its costliness, time-consuming nature, excessive documentation requirements, and lack of objectivity. In this talk, the authors will demonstrate how the standard can... Read More

Open Radio Access Network (Open-RAN) technology introduces disaggregation of RAN network functions, offering enhanced flexibility for extending hardware and software. The network may then be built through the integration of... Read More

The choice of cryptographic algorithms and corresponding key lengths is a challenge when designing a product. There are many national and industry standards, as well as common practices to be... Read More

Over the last few years Common Criteria has gone through a major change, some would say an upheaval. With the move to PP/cPP based exact conformance paradigm, two distinct schools... Read More

The FIA (Fédération Internationale de l’Automobile) is currently publishing a report of the “On-Board Telematics Platform (OTP) Security”. It addresses the importance for Mobility Clubs and Independent Service Providers (ISP)... Read More

CEN/CENELEC/ETSI and Smart Meter developers (ESMIG) started 7 years ago an initiative that resulted in a certified smart meter Protection Profile based on requirements from various countries and in line... Read More

Digitalization of health systems is an ongoing process worldwide. This presentation gives an overview of the German eHealth scheme which is currently being established. Interaction of technical components (smart cards... Read More

Product security certifications in today’s ever-changing environment are impacting traditional markets. Common Criteria certification demand has soared in the European regulated markets for digital signature (eIDAS), deprecation of NIST algorithms... Read More

Presented is a customer experience journey in creating a draft Protection Profile for multi-tenant Software-as-a-Service (SaaS) applications running in a commercial public cloud. We define the security problem, threats, and... Read More

Session Description TBA

5G systems support a wide range of verticals leading to different sets of security requirements. Some of these can be communalized, while others are exclusive to specific usages or associated... Read More

We were already in an era where new TOEs must be on the market like clockwork: this year’s phone must be evaluated, certified, and production must have started, before the... Read More

In CSA, the issue of addressing vulnerability handling for Certified Solutions holds an important role, as stated in Articles 51,54 and 55. These provisions are indicative of the strong importance... Read More

An expert discussion on vulnerability handling. Topics include legal issues, how to monitor, time limits, complexity of handling, and the needs of consumers.

Some products seem to defy certification when they are validated against a single security evaluation scheme. This situation becomes more difficult when validation against a second scheme is required and... Read More

The use of different automation tools in Common Criteria is a reality. In recent years, it has been demonstrated that the capacity to take on a large number of Common... Read More

Expert discussion on the status and outlook of vulnerability handling.

Virtualized environments rely on high-quality entropy for generating cryptographic keys and securing sensitive data. In many cases, the entropy sources within the VM or sourced from hypervisor may be of... Read More

Expert discussion on the status and outlook of cryptographic standards.

Can a Dilithium signing component meet the AVA_VAN.5 security level? At this level, the evaluating laboratory operates under “gloves off” conditions, thoroughly assessing the device’s security against a highly capable... Read More

Quantum computing is on the horizon, algorithm choices are crystalizing, and vendors are facing a forced trek through a lattice of uncertainty. This talk will discuss the quantum resistant algorithms... Read More

The actual operation of quantum key distribution (QKD), which is necessary for realizing information-theoretically secure key sharing, is about to begin in various countries. As part of the activities of... Read More

Soft-IP cores facilitate chip development with reusable hardware blocks. Reuse of Soft-IP evaluation results has been experimented with, but there is no widely accepted practice. As presented two years ago,... Read More

With the adoption of the European Regulation eIDAS 2.0, a legal framework of requirements for electronic signatures is established, introducing the notion of electronic signatures created using a remote signature... Read More

Common Criteria’s biggest benefit for vendors is the mutual agreement between signatory countries. This enables vendors to certify once and sell in multiple geographies. One of the biggest pain points... Read More

CVSS is a widespread vulnerability score model adopted by many known vulnerability databases and it could provide a useful aid to the evaluator for CC evaluation at AVA_VAN.2 or higher.... Read More

The first certification of the Java Card protection profile was in 2003. Since then, it has been regularly updated to reflect changes in both Common Criteria and the Java Card... Read More

In this joint talk with Infineon Technologies AG, the reuse of ISO 15408 Common Criteria evaluation evidence for ISO 21434 Road Vehicles Cybersecurity certification will be explored. The alignment of... Read More

The Functional Safety and Cybersecurity requirements originating from the acclaimed standards ISO 26262 and ISO/SAE 21434 go hand in hand in many aspects such as the process phase V-cycle for... Read More

The European Cybersecurity Resilience Act (CRA) establishes a set of cybersecurity requirements for products with digital elements and obligations for their manufacturers as a mandatory baseline to place these products... Read More

The CC:2022 multi-assurance evaluation paradigm, which allows different assurance requirements for different parts of the TSF (sub-TSFs), can be adopted in the context of EUCC. EUCC certificates will mostly be... Read More

This talk presents considerations and conclusions related to the evaluation of motion sensors augmented by AVA_VAN.5, according to the Common Criteria Protection Profile for Digital Tachograph – Motion Sensor (MS... Read More

Certifications are hard. Driving a software development company’s compliance and cybersecurity initiatives can be challenging as it requires a wide variety of skillsets and involves participation and buy-in from the... Read More

As the European Union Common Criteria (EUCC) framework continues to gain prominence as a benchmark for cybersecurity evaluation and certification, the demand for private Certification Bodies (CABs) within the EUCC... Read More

In the rapidly evolving landscape of the digital age, the integration of Artificial Intelligence (AI) and digital transformation initiatives has revolutionized operational technology (OT) systems. However, this convergence also introduces... Read More

EUCC has brought new requirements for the accreditation of Conformity Assessment Bodies, particularly those specified in a State of the Art (SotA) mandatory document published along with the regulation, which... Read More

EUCC has the potential to be a major milestone for the harmonized application of CC for a large market. During the last five years while EUCC was being prepared, the... Read More

Side-channel analyses are well-known threats to assets contained in Targets of Evaluation (ToE). They are very often contemplated in AVA_VAN evaluation. The reason is that such attacks are stealthy: millions... Read More

Connected devices are becoming a major part of all our lives. Dedicated connected devices are becoming more and more use case based, targeting for example, industrial applications, household applications, automated... Read More

Session Description TBA

Session description TBA

Session description TBA

Session description TBA

In 2019, SGS and Graz University of Technology (TU Graz) announced the Cybersecurity Campus Graz, where SGS then located its global headquarter for Cybersecurity Services next to TU Graz’ Cybersecurity... Read More

Join atsec colleagues from Germany, Italy, Sweden, China and the US for an overview of atsec’s global InfoSec service offerings with a special focus on Common Criteria for the ICCC.... Read More

Luis Jimenez was unable to attend. Jose Miguel Loste from the Centro Criptologico Nacional of Spain presented.

This is on behalf of the 2022 – 2024 CCUF MG Chair. The Common Criteria User Forum provide a voice and communications channel among the CC community including the vendors,... Read More

Expert discussion on the status and outlook for EUCC.

The State of Qatar aims to advance supply chain cyber resilience at a national level by proactively identifying and addressing key risk areas within the cyber security supply chain. This... Read More

This talk provides an update on the activities of the CCDB.

This talk provides an update on the activities of the CCMC.

A ceremony to welcome new members to the CCRA.

Certified products do not contain known vulnerabilities is a common theme for many regulatory frameworks including Common Criteria. As new vulnerabilities pop up all the time, it makes evaluations of... Read More

The Common Criteria User Forum provides a voice and communications channel among the CC community, including vendors, consultants, testing laboratories, Common Criteria organizational committees, national schemes, policymakers, and other interested... Read More

This expert discussion covers the status and outlook for EUCC.

Currently Europe implements a Cyber Security Act (CSA) which amongst others sets up a European IT-Security certification framework. It is more than an educated guess that the first implementation of... Read More

Following on from a presentation at ICMC 2018, this presentation will provide an update on progress with Brexit, the development of ENISA under the EU cyber security act; and the... Read More

An update on the current status of the BIO-iTC, with a focus on the PAD toolboxes and how the requirements compare to the FIDO Alliance Biometric Certification program. The presentation... Read More

The presentation includes an update of the ND iTC since the last ICCC, latest NDcPP and module postings, where we are today and what we are planning.

This presentation will be an update on the German schema.

Japanese Scheme Update

The purpose of the Hardcopy Devices collaborative protection profile (HCD cPP) is to facilitate efficient procurement of Commercial Off-The-Shelf product using the Common Criteria methodology for information technology security evaluation.... Read More

The project “National schema for the security and privacy evaluation and certification of IT products and systems compliant with Common Criteria” (KSO3C) is being implemented by a scientific consortium composed... Read More

This presentation by the Certification Body of the CCN is oriented to provide an update of the certification activities of the Spanish Scheme. In the last two years, the scheme... Read More

ISCI-WG1 is a key contributor in the Common Criteria (CC) and SOG-IS certification ecosystem. This talk is about ISCI-WG1 2020 achievements and how to tackle new challenges. Currently, ISCI-WG1 includes... Read More

CC Scraper is a python script that analyses automatically the information from the CC portal using OCR capabilities, pdf reading and other features providing a comprehensive statistics report of the... Read More

This presentation will focus on the goals of CC certification in Canada, such as international collaboration, economic benefits, and assistance to government, critical infrastructure, and non-traditional applications. Our experiences with... Read More

An update on efforts by NIAP.An update on efforts by NIAP.An update on efforts by NIAP.

NIST has announced a transition to new algorithms that affect a wide range of cryptographic functions. The Triple-DES algorithm will be retired. The standards for key agreement, key transport and... Read More

An update and demonstration of recent automation work by NIAP.

Highlight contributions that NIAP has made to the Common Criteria Recognition Arrangement by leading in Product Evaluations, Liaison between CCDB and CCUF, and serving as the CCMC Chair through 2023.... Read More

ENISA’s mission is not only to develop the future European Cybersecurity Certification Schemes and related documents but also to make sure the ecosystem has all tools in hand to apprehend... Read More

In this session you will receive all information necessary to know what’s about to happen in the EU Cybersecurity certification ecosystem and the conformity assessment developments related to the Cyber... Read More

ENISA will provide an update on the progress of the EUCC scheme, including its supporting elements (guidance and state-of-the art documents, website, maintenance).

The CSA will improve the general security level of products and services, yet the implementation of the EUCC might create confusion. For a time, only security experts will be able... Read More

The presentation will cover what EA is and how accreditation works in Europe, the requirements that we expect to be applicable to conformity assessment bodies operating in the EUCC (both... Read More

An expert panel focused on the potential implications EUCC will have for the Common Criteria landscape.

Scheme Update from the German Federal Office for Information Security (BSI).

This presentation will be an update on the Japanese Scheme.

The Cybersecurity Certification Centre (CCC) operates multiple schemes aimed at providing the security assurance that the product has undergone impartial examination and testing to ascertain that it is securely designed,... Read More

This expert panel features schemes, labs, and vendors talking about global developments in CC from their perspective.

After many years of hard work, the Hardcopy Devices iTC (HCD iTC) published their first HCD cPP v1.0 in August 2022. HCD iTC is a technical community to facilitate an... Read More

The Common Criteria in the Cloud Technical Working group has been working on a solution for this problem defined in 2020: There is not yet a defined and accepted method... Read More

Certificate maintenance is a quick and cost efficient process which allows us to extend the certificate validity to a new TOE version. However, the use of the maintenance process is... Read More

ENISA will present an update on EUCC, with a presentation of the legal text, and explaining the different assurance levels and which CABs will operate, how CCRA and SOG_IS mandatory... Read More

ENISA will present the possible evolution of the EUCC, such as new supporting documents into preparation, and possible evolutions in the selection of the standards supporting the accreditation of CABs…

Now that the EUCC act is in public review and soon will be signed, the long held questions of “how does a CAB implement the EUCC?” and how “how do... Read More

This talk will be an update on the Japanese Scheme.

An update from the CC scheme down under—the Australian Information Security Evaluation Program (AISEP)

The CCDB Crypto WG is tasked by the CCDB to develop a catalogue with a collection of often used crypto SFRs with already completed operations on the SFRs with the... Read More

With NIST requiring compliance with SP 800-9B and NIAP moving that way, figuring out how to meet all the 90B requirements has become a real challenge for vendors. This talk... Read More

The use of cryptographic primitives to safeguard sensitive information in hardware, software, and firmware products is witnessing widespread adoption. Recognizing the increasing cryptographic requirements, CCN (Certification Body for National Cryptology)... Read More

This talk will provide an update on the ND iT since the last ICCC, including the latest NDCPP and module postings. The speakers will discuss the current status of the... Read More

This talk highlights the progress made by the Hardcopy Devices international Technical Community (HCD iTC) in advancing hardcopy device security standards. It focuses on the development and publication of the... Read More

As many authorities and regulated industries have published guidelines emphasizing the importance of defense-in-depth and reliance on database security, the security of a Database Management System (DBMS) holds great relevance... Read More

This talk will explore the insights gained from the implementation of EUCC in the Netherlands. Additionally, future actions and the steps towards authorizing the issuance of the first EUCC certificates... Read More

This talk will discuss the latest updates of the French scheme. It will highlight the most recent improvements, especially an internal reorganization to welcome EUCC.

This talk will provide an update on the current strategic focus in the area of certification and standardization in Germany, as well as an update on the BSI CC scheme.

Updates on certification and national activities of the Italian Certification Body (OCSI), participating in CCRA and SOG-IS MRA as an authorizing member, will be provided, including preparatory activities to be... Read More

This talk covers the journey of the Turkish Standards Institution (TSE) in the Common Criteria domain, beginning in 2003 with the signing of the Common Criteria Recognition Arrangement (CCRA) on... Read More

This talk explores how a newly established National Cybersecurity Certification Authority (NCCA) is catching up with the certification field and the adoption of the EU Cybersecurity Schemes. It will discuss... Read More

This talk provides an update on NIAP and CCRA, U.S. Scheme Updates, and NIAP Top Five Priorities for the upcoming year.

Countries around the world are considering and passing legislation that affects networks, data, and critical infrastructure. Even when the main thrust of the proposals is not security but other policy... Read More

EN 17640 (FiT CEM), a new evaluation methodology for IT products focused on penetration tests in a predefined time frame, is an efficient and effective approach to evaluate resistance to... Read More

This talk will provide an update on EUCC, including how the act is now implemented, an overview of the scheme and related timelines, supporting documents (state-of-the-art and guidance), how maintenance... Read More

This expert panel will review achievable conditions necessary to obtain mutual certificate recognition between the CCRA and the EUCC.

This talk will provide an introduction to the latest version of the NDcPP as well as the FW Module and highlight the major changes compared to the previous version. It... Read More

This talk provides a comprehensive update from the Hardcopy Devices International Technical Community (HCD iTC), focusing on the recent enhancements and future directions in hardcopy device security standards. The session... Read More

This talk will provide an update on the work of the Biometrics iTC since the last ICCC. The topics covered will include: – Status update on the PAD-L2 project to... Read More

This talk will provide an update on the work of the DSC iTC over the last year. The topics will include: – Current status of updates to feedback from the... Read More

The Medical Devices Program has been developed at a fast pace. The methodology, workflow, and stakeholders have made it successful. IEEE will share the lessons learned and a blueprint for... Read More

This talk will include: Introduction to ISCI WG1; The history of the group; Members from across the industry; Motivation for change; Partnerships and liaisons with other technical groups; Current certification... Read More