4-6 November | Sheraton Grand Doha, Qatar

Conference Presentations by Track

Plenary Presentations

Day 1
30 Oct 2018
Day 2
16 Nov 2020

Keynote: Securing the Edge: The Role of Third-Party Security Verification (P00b)

Connected devices are becoming a major part of all our lives. Dedicated connected devices are becoming more and more use case based, targeting, for example, industrial applications, household applications, automated...
Wolfgang Steinbauer

CET CCDB Update (P00c)

Session Description TBA
Rob Huisman

CCRA Update (P00d)

Session description TBA
Colin Whorlow

CET CCUF Update (P00e)

Session description TBA
Petra Manche

Panel Discussion on EUCC and CCRA: Market Impact (P00f)

Session description TBA
Roberto Cascella
Jonathan Sage
Aristotelis Tzafalias
Miguel Bañón
Michael Grimm

SGS and Graz University of Technology Announcing Launch of New Cybersecurity Research Center (P01d)

In 2019, SGS and Graz University of Technology (TU Graz) announced the Cybersecurity Campus Graz, where SGS then located its global headquarters for Cybersecurity Services next to TU Graz’ Cybersecurity...
Stefan Mangard
Martin Schaffer
Day 3
17 Nov 2020

atsec – All You Would be Looking for (P10d)

Join atsec colleagues from Germany, Italy, Sweden, China and the US for an overview of atsec’s global InfoSec service offerings with a special focus on Common Criteria for the ICCC....
Michael Vogel
Day 4
15 Nov 2022

Government Keynote Address: Certification as a Key Element for Cybersecurity (P10b)

Luis Jimenez was unable to attend. Jose Miguel Loste from the Centro Criptologico Nacional of Spain presented.
Luis Jimenez

CCDB Update (P11a)

Tiziano Inzerilli
Gil Bernabeu

Panel Discussion: ISO Update (P11d)

Carolina Lavatelli
Kwangwoo Lee
Elżbieta Andrukiewicz
Miguel Bañón
David Martin
Day 5
31 Oct 2023

CCDB/CCMC Update (P11ab)

Tiziano Inzerilli
Jon Rolf

CCUF Update (P11c)

This is on behalf of the 2022 – 2024 CCUF MG Chair. The Common Criteria User Forum provides a voice and communications channel among the CC community including the vendors,...
Petra Manche

Plenary Panel Discussion: EUCC (P11d)

Expert discussion on the status and outlook for EUCC.
Franck Leroy
Philippe Blot
Elżbieta Andrukiewicz
Jose Ruiz Gualda
Monique Bakker
Day 6
02 Nov 2023

Advances in CC Track

Day 1
30 Oct 2018

Track Keynote: Why I Care About the Security of Your Car (A12a)

Traditionally verification in automotive was centered around safety, protection against unintentional problems. Now it is time to look at security, or how do we protect against intentional problems? We show...
Wouter Slegers

Robustness Propagation Through Systems of Heterogeneous CC Components (A12b)

IoT systems become highly dynamic and configurable, raising evaluation difficulties. They have multiple components with different robustness levels. Connecting the components’ security functions during integration is essential. Our “Lego” methodology...

Why Composite Evaluations Fail (A13a)

The topic of this presentation is the current approach for composite evaluations (where a hardware platform is evaluated separately from the software running on the hardware) and its failure to...
Luis Barriga

A Compositional Certification Methodology For a COTS-Based System (A13b)

The aim of this presentation is providing an overview of the compositional security certification methodology to be used in the scope of MILS (Multiple Independent Levels of Security) evaluations and...
Alvaro Ortega Chamorro

Evaluation of Distributed Products in the CC Paradigm (A13c)

Distributed products evaluated under the Common Criteria paradigm have their own set of unique challenges. The Network Device iTC has supported distributed TOEs since the release of Network Device Collaborative...
Day 2
31 Oct 2018

Introducing the Partner Program Certification Concept (A20a)

The FIDO Alliance, a 250+ member association developing specifications and certification programs for simpler, stronger authentication, announced back in March 2018 the expansion of its certification program to include multi-level...
Roland Atoui

Basissicherheitszertifizierung (BSZ)—An Alternative Means to Achieve Assurance (A20b)

This session will present a new approach – BSZ – in the German scheme (comparable to CSPN in France) which aims at providing assurance while drastically reducing both time as...

TEE Certification: Managing Risk for Digital Services (A20c)

GlobalPlatform will present the use of Common Criteria to build a Trusted Execution Environment (TEE) security scheme. The speech will cover: lessons learnt within the TEE ecosystem, the latest evaluation...
Gil Bernabeu

Common? C’mon! (A21b)

Common? C’mon! Over the years, the CC have struggled to establish a common understanding of where the bars shall be positioned that products must clear for a certain certification level....

Modular PPs: The Building Blocks of Tomorrow (A22b)

The concept of PP-Modules was added to the CC in 2017. The first PP-Modules are just now being written and published for public consumption. As a new concept, vendors and...

Next-Generation Tooling to Develop Protection Profiles, Automate Security Target Generation, and Support Evaluation Activity Reporting (A23b)

The speakers will showcase tooling that is freely available to the Common Criteria community on GitHub at https://github.com/commoncriteria. Major contributions include: (1) Development of a formally-defined XML schema that provides...
Robert Clemons
Day 3
18 Nov 2020

Cryptographic Agility in Security Standards (A20c)

More and more standards include the requirement for cryptographic agility. Although these are just two simple words, they have a significant impact on how systems are designed around cryptographic algorithms....
Tomislav Nad

Application of the Common Criteria to Building Trustworthy Automotive SDLC (A21a)

The car industry’s digital transformation exposes new cybersecurity threats. In order to solve this, various standardizations on automotive cybersecurity are in progress, the most representative of which are the UNECE...
Seungjoo Kim
Sooyoung Kang
Seungyeon Jeong

Evolution Towards Evaluation of HW IP Blocks (A21b)

Eurosmart ITSC, the evolution towards evaluation of HW IP blocks and the importance of vulnerability analysis and pen-testing against a properly defined PP to guarantee a high-level of security assurance. 
Jean-Philippe Galvan
Gordon Caffrey
Rachel Menda-Shabat

How ‘By-Parts’ Evaluation Achieves Certification Scheme Scalability (A21c)

Conciliating product-based security and IP-protected third-party supplies has become a cornerstone for certification schemes in many sectors. Chip manufacturers, for example, are looking to protect their IP from software providers...
Gil Bernabeu

Soft IP Certification, a Glimpse into the Future (A21d)

The next CC version will incorporate the Composite evaluation methodology as it has been already successfully used for decades within the domain of smart cards and similar devices. Composition evaluations...
Joop van de Pol

Formal Models for High-Assurance: Why and How (A22a)

EAL6 certifications have recently gained terrain. With CCv4 within reach and with an extensive experience in formal evaluations, the French and German schemes are proposing a formal methods usage approach...
Carolina Lavatelli

Cloud and Common Criteria: NWI ISO Proposal (A22c)

The Common Criteria has been a framework for product evaluation of security functions since its inception in the late 1990s. As DevOps became the trend for development of agile cloud...
Joshua Brickman
Day 4
15 Nov 2022

Good, Fast, Cheap: Why Not All Three? (A12a)

I know, I know: some of us come to the ICCC to complain that the CC only meets 1, maybe 2 of these goals. For possibly more years than we...
Wouter Slegers

Security: The Second Wave of Convergence (A12b)

During the 1990’s the introduction of the internet, web browser, email and resulting electronic services led to an initial commercialization wave of crypto and security technologies. During this time security...
Dan O’Loughlin

Confidential Security Evaluation Environment (A13a)

Is it possible to establish a confidential assurance environment that will allow independent 3rd party evaluators to conduct software security analysis of vendor proprietary (sensitive) software, while preserving the confidentiality...
Luis Barriga
Cheng Jiang

Smartcard and Similar Devices Site Audits and Cloud Applications (A13b)

Within the smartcard and similar devices domain, the site audit must comply with MSSR (Minimum Site Security Requirements). Some of the developer applications to be considered are no more hosted...
Christophe Bouly

ISCI WG1—High-Secure Remote Work—The Response to the Post-COVID Hybrid Mode Demand (A13c)

The COVID-19 pandemic crisis that hit the world in 2020, forced many companies to enable remote working opportunities to continue their operation while minimizing the amount of staff that had...
Dr. Karsten Klohs
Rachel Menda-Shabat
Day 5
16 Nov 2022

When the CCMB is Knocking at Your Door (A20a)

As one of the first iTCs, the Network iTC has received a list of comments from the Common Criteria Maintenance Board (CCMB) on its supporting documents for the NDcPP and...
Michael Vogel

CCCAB Tool—Making CABs Life Easy—Chapter 2 (A30b)

CCCAB (Common Criteria Conformity Assessment Body) Tool is a unique framework that will allow Common Criteria CABs to smooth the certification process for ICT products, reducing the cost and time...
Jose Ruiz Gualda

Update on Transition Guide 22216 (A20c)

New concepts and changes in the 2022 edition of the CC standard. CC revision by ISO has generated a lot of expectations since the process started back in 2016. With the...
Carolina Lavatelli

Pre-Silicon evaluation will save EUCC (A21a)

In this presentation the speaker will address one of the main challenges of CC evaluation/certification of mobile SOCs and integrated SEs. The current timelines for testing of the SOC are...
Pascal van Gimst

Keep the Code But Not the Flaws: A New Approach to Source Code Analysis (A21b)

In recent years, the CC community has intensely discussed the pros and cons of source code analysis as part of CC evaluations. There have been numerous concerns about losing intellectual...
Michael Scheibel

Automation Update: Automating Towards a Better Tomorrow (A21c)

Generating and validating a security target has historically been a thankless, tedious, and error prone endeavor. NIAP’s automation effort strives to turn this months-long slog into a pain free guided...

How to Manage Evaluations for Higher EALs? (A22a)

ITSEF of Łukasiewicz-EMAG Institute has finished the first pilot evaluation for software TOE (EAL 4+) within the Polish Common Criteria evaluation scheme. The Polish evaluation scheme resulted from an R&D...
Dariusz Rogowski

Developing an EAL2 Protection Profile and an Evaluation Methodology Document for Prepare and Measure Quantum Key Distribution Modules (A22b)

Quantum Key Distribution (QKD), which enables information theoretically secure key establishment, is about to be put into practical use. Security evaluation and certification of QKD modules are under standardization process...
Kiyotaka Hammura
Kenji Yamaya

Threats and Challenges for AI/ML Based Solutions (A22c)

AI/ML based solutions provide machines with intelligence where these solutions have the ability to process input from big data sets and provide outcomes. This is basically a prediction based on...
Mehmet Cakir

Applying the CC Framework for Soft-IP Evaluation Reuse (A23a)

Soft-IP cores facilitate chip development with reusable hardware blocks. Reuse of Soft-IP evaluation results has been experimented with, but there is no widely accepted practice. The Eurosmart Soft-IP taskforce prepares...
Ruud Derwig

Guidance for Support of Evaluation and Certification of PP-0117 Compliant Integrated Secure Elements (A23b)

To support a smooth and efficient evaluation of Integrated Secure Elements compliant to PP-0117 (also called the Secure Sub-System (3S) in SoC), ISCI-WG1 and JHAS have collaborated in developing several...
Monique Bakker

Cascading Evaluations—Can Downstream Vendors Benefit from Reference Evaluations (A23c)

Starting in 2019 with Android 9, Google started to evaluate Pixel devices to the requirements of the PP_MDF. While this directly supports Google in showing Pixel devices as capable of...
Edward Morris
Brian Wood
Day 6
17 Nov 2022

Taking the Guess Work out of Entropy Assessments! (A30a)

This presentation will outline the required steps to assess an entropy source including design analysis, entropy justification, and health testing to meet Common Criteria requirements from the NDcPP based on...
James Ramage

n-doc. An Open Source Platform for CC-Documentation (A30c)

n-doc is an open source platform for creating developer CC documentation. n-doc produces high quality PDF files with generated hyperlinks for easy navigation. n-doc consists of LaTeX macros, Lua programs,...
Alexander Krumeich
Day 7
31 Oct 2023

Spanish Initiatives on the Security Evaluation and Certification of Biometric Products (A12a)

Common Criteria and LINCE (i.e., Essential National Security Certification) are the two evaluation methodologies used by the Spanish Scheme to certify the security of IT products. However, these methodologies are...
Belén Fernández
Day 8
01 Nov 2023

Mobility in Cloudy Weather: Evaluating Cloud Products using NIAP’s Mobile Device Management PP (A21a)

On October 25, NIAP’s first public Cloud evaluation “kicked-off” – Microsoft Intune conforming to NIAP’s Mobile Device Management Protection Profile version 4.0 and Mobile Device Management Agent PP module version...
Jade Stewart

Panel Discussion: Common Criteria in the Cloud (A21b)

An expert discussion on the status and outlook for Common Criteria in the cloud.
Anne Gugel
Michael Angelo
Erin Connor
Joshua Brickman
Justin Fisher

Challenges in the Adoption of CC:2022 for Protection Profiles, PP Modules and Functional Packages (A22a)

The new version of Common Criteria includes new entities in its conceptual model, most of them based on the evolution of the NIAP’s evaluations (PP configurations, PP modules, Functional Packages,...
Alejandro Masino

PP-Modules and the Growth of Requirements—Will Decomposition Be a Boon or a Bane? (A22b)

PP-Modules and Functional Packages ensure common requirements across different product types, which is great and as it should be. Yet at the same time, this has led to an increase...
Brian Wood

Implementing Life Cycle & Supply Chain Controllability in SME (A23a)

This talk discusses the implementation of a measurable life cycle in a medium-sized company specializing in high-tech secure communication solutions. The company has developed and implemented models, processes, and tools...
Ellen Wesselingh

Results and Experience of the First Pilot on Patch Management (ALC_PAM) in BSI (A23b)

A high level of trustworthiness in CC certifications requires high evaluation efforts, since proven security can only be based on knowledge and facts, not on trust. An unjustified criticism of...
Michael Meissner
Day 9
02 Nov 2023

Common Criteria as a Way to Secure Quantum Communication in Europe (A30a)

In their talk, the speakers will discuss how the implementation of Common Criteria will contribute to the growth of Europe’s industrial ecosystem for quantum communication technologies and systems. They will...
Anna Prudnikova

The Well-Documented Code: The Case for Generating Design Documentation from the Source Code (A30b)

The typical developer will document their source code reasonably well, at times substituting code comments for formal documentation entirely. Still, little effort is taken to generate documentation for evaluations from...
Dietmar Rosenthal

Certification Requirements of a Common Criteria Certification of a General Purpose Operating System Vendor (A30c)

Meeting customers’ expectations and requirements in times of a dramatically changing legal and technological environment is not easy. Upcoming legislation and regulation changes in Europe meet changes in the United States...
Knut Trepte

SBOM the Good, the Bad, and the Ugly (A31a)

Over the past two years, we have seen numerous failings of products due to issues within their software supply chain. Unfortunately, supply chains have become a key attack vector. Supply...
Michael Angelo

Common Criteria, the Building Blocks for Commercial Solutions for Classified (CSfC) (A31b)

Overview of the Commercial Solutions for Classified (CSfC) program’s structure and value to its end customer community, and this program’s reliance on layered security provided by multiple CC certified products....
Chris Gugel

DoDIN APL a Logical Extension to the Common Criteria Evaluation (A31c)

Overview of the Department of Defense Information Network (DoDIN) Approved Products List (APL) certification as a DoD procurement requirement for hardware products. Compared and contrasted the objectives of CC and DODIN...
Herbert E Markle

Meeting Customer Requirements

Day 1
31 Oct 2018

PP v/s EAL: Where Does Security Assurance Reside? (M22b)

Over the last few years Common Criteria has gone through a major change, some would say an upheaval. With the move to PP/cPP based exact conformance paradigm, two distinct schools...
Day 2
16 Nov 2020

FIA’s OTP Security—a Common Criteria Approach (M01a)

The FIA (Fédération Internationale de l’Automobile) is currently publishing a report of the “On-Board Telematics Platform (OTP) Security”. It addresses the importance for Mobility Clubs and Independent Service Providers (ISP)...
Markus Wagner
Markus Bartsch

The Road to Smart Meter Security Requirements Acceptance (M01b)

CEN/CENELEC/ETSI and Smart Meter developers (ESMIG) started 7 years ago an initiative that resulted in a certified smart meter Protection Profile based on requirements from various countries and in line...
Willem Strabbing
Olaf Tettero

eHealth: Infrastructure and Evaluation in Germany (M01c)

Digitalization of health systems is an ongoing process worldwide. This presentation gives an overview of the German eHealth scheme which is currently being established. Interaction of technical components (smart cards...
Sebastian Hoppach

FIPS vs CC: What Drives Certification Demand for HSMs? (M02a)

Product security certifications in today’s ever-changing environment are impacting traditional markets. Common Criteria certification demand has soared in the European regulated markets for digital signature (eIDAS), deprecation of NIST algorithms...
Natalya Robert
Ignacio Dieguez

Protection Profile for SaaS Multi-Tenant Cryptographic Isolation (M02b)

Presented is a customer experience journey in creating a draft Protection Profile for multi-tenant Software-as-a-Service (SaaS) applications running in a commercial public cloud. We define the security problem, threats, and...
Richard Tychansky
Day 3
17 Nov 2020

Trust Model for Verticals Over 5G (M10b)

5G systems support a wide range of verticals leading to different sets of security requirements. Some of these can be communalized, while others are exclusive to specific usages or associated...
Claire Loiseaux

You want what? By when?? …. Ok! (M10c)

We were already in an era where new TOEs must be on the market like clockwork: this year’s phone must be evaluated, certified, and production must have started, before the...
Wouter Slegers
Day 4
17 Nov 2022

Vulnerability Handling on Certified Solutions (M30a)

In CSA, the issue of addressing vulnerability handling for Certified Solutions holds an important role, as stated in Articles 51, 54 and 55. These provisions are indicative of the strong importance...
Vicente Gonzalez Pedros

Panel Discussion: Vulnerability Handling and Disclosure (M30b)

An expert discussion on vulnerability handling. Topics include legal issues, how to monitor, time limits, complexity of handling, and the needs of consumers.
Vicente Gonzalez Pedros
Christiane Droulers
Gabor Hornyak
Javier Tallon

Satisfying the Requirements of a Multi-Scheme Security Certification Effort—Striking Just the Right Balance (M31a)

Some products seem to defy certification when they are validated against a single security evaluation scheme. This situation becomes more difficult when validation against a second scheme is required and...

Is Automation Necessary for the CC Survival? (M31b)

The use of different automation tools in Common Criteria is a reality. In recent years, it has been demonstrated that the capacity to take on a large number of Common...
Pascal van Gimst
Alexander Krumeich
Jose Ruiz Gualda
Lachlan Turner
Day 5
31 Oct 2023

Panel Discussion: Vulnerability Handling and Disclosure, Assurance Continuity Processes (M12a)

Expert discussion on the status and outlook of vulnerability handling.
Dan O’Loughlin
Henry Tan
Matthias Intemann
Javier Tallon
Day 6
01 Nov 2023

Customer-Provided Entropy Provision for Virtual Machines in Hypervisor Environments (M22a)

Virtualized environments rely on high-quality entropy for generating cryptographic keys and securing sensitive data. In many cases, the entropy sources within the VM or sourced from hypervisor may be of...
Rumman Mahmud

Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (M22b)

Expert discussion on the status and outlook of cryptographic standards.
Carolyn French
Tim Hall
Markku-Juhani Saarinen
Graham Costa
Yi Mao

Post-Quantum vs. AVA_VAN (M23a)

Can a Dilithium signing component meet the AVA_VAN.5 security level? At this level, the evaluating laboratory operates under “gloves off” conditions, thoroughly assessing the device’s security against a highly capable...
Markku-Juhani Saarinen

Post Quantum Cryptography: A Quintessential Quagmire (M23b)

Quantum computing is on the horizon, algorithm choices are crystalizing, and vendors are facing a forced trek through a lattice of uncertainty. This talk will discuss the quantum resistant algorithms...
Matthew Downey

Developing the Evaluation Methodology Document for Prepare and Measure Quantum Key Distribution Modules (M23c)

The actual operation of quantum key distribution (QKD), which is necessary for realizing information-theoretically secure key sharing, is about to begin in various countries. As part of the activities of...
Kenji Yamaya

Updates from Schemes and iTCs

Day 1
30 Oct 2018

Track Keynote: How Europe’s Cyber Security Act and CCRA Can Be Best Friends (U12a)

Currently Europe implements a Cyber Security Act (CSA) which amongst others sets up a European IT-Security certification framework. It is more than an educated guess that the first implementation of...
Matthias Intemann

Brexit, the EU Cyber Security Act, and Product Assurance in UK and the EU—An Update (U12b)

Following on from a presentation at ICMC 2018, this presentation will provide an update on progress with Brexit, the development of ENISA under the EU cyber security act; and the...
Day 2
16 Nov 2020

Biometrics Security iTC Update (U02a)

An update on the current status of the BIO-iTC, with a focus on the PAD toolboxes and how the requirements compare to the FIDO Alliance Biometric Certification program. The presentation...
Brian Wood

Network Device iTC Update (U02b)

The presentation includes an update of the ND iTC since the last ICCC, latest NDcPP and module postings, where we are today and what we are planning.
Kristy Knowles

German Scheme Update (U02c)

This presentation will be an update on the German schema.
Fritz Bollmann
Day 3
17 Nov 2020

Japanese Scheme Update (U10a)

Japanese Scheme Update
Toru Hashimoto

Hardcopy Devices iTC Update (U10b)

The purpose of the Hardcopy Devices collaborative protection profile (HCD cPP) is to facilitate efficient procurement of Commercial Off-The-Shelf product using the Common Criteria methodology for information technology security evaluation....
Kwangwoo Lee

KSO3C: Polish Schema for Evaluation and Certification Compliant with Common Criteria—Last Step Towards Recognition (U10c)

The project “National schema for the security and privacy evaluation and certification of IT products and systems compliant with Common Criteria” (KSO3C) is being implemented by a scientific consortium composed...
Elżbieta Andrukiewicz

Spanish Scheme Update (U11a)

This presentation by the Certification Body of the CCN is oriented to provide an update of the certification activities of the Spanish Scheme. In the last two years, the scheme...
Pablo Franco

ISCI-WG1 Contribution to the Common Criteria Methodology Improvement and Usage (U11b)

ISCI-WG1 is a key contributor in the Common Criteria (CC) and SOG-IS certification ecosystem. This talk is about ISCI-WG1 2020 achievements and how to tackle new challenges. Currently, ISCI-WG1 includes...
Francois Guerin

2020 Statistics Report. Is the Industry Surviving to Lockdown? (U11c)

CC Scraper is a Python script that automatically analyses the information from the CC portal using OCR capabilities, PDF reading and other features, providing a comprehensive statistics report of the...
José Pulido

Using the Common Criteria in Canada (U11d)

This presentation will focus on the goals of CC certification in Canada, such as international collaboration, economic benefits, and assistance to government, critical infrastructure, and non-traditional applications. Our experiences with...
Robert Harland

NIAP Update (U12a)

An update on efforts by NIAP.
Mary Baish

A Transition to New Algorithms: Encryption, Key Establishment and Entropy—the CMVP Perspective (U12b)

NIST has announced a transition to new algorithms that affect a wide range of cryptographic functions. The Triple-DES algorithm will be retired. The standards for key agreement, key transport and...
Allen Roginsky

NIAP Automation Work Update and Demo (U12c)

An update and demonstration of recent automation work by NIAP.
Robert Clemons
Day 4
15 Nov 2022

NIAP Looking Forward (U12a)

Highlight contributions that NIAP has made to the Common Criteria Recognition Arrangement by leading in Product Evaluations, Liaison between CCDB and CCUF, and serving as the CCMC Chair through 2023....
Shantel Powell

Guidance Development and Awareness Raising on EU Certification (U12b)

ENISA’s mission is not only to develop the future European Cybersecurity Certification Schemes and related documents but also to make sure the ecosystem has all tools in hand to apprehend...
Chloe Blondeau

Strategic Views on Scheme Development (U13a)

In this session you will receive all information necessary to know what’s about to happen in the EU Cybersecurity certification ecosystem and the conformity assessment developments related to the Cyber...
Renate Verheijen

An Update on the EUCC Scheme (U13b)

ENISA will provide an update on the progress of the EUCC scheme, including its supporting elements (guidance and state-of-the art documents, website, maintenance).
Philippe Blot

EUCC and Industry Security Levels: Are we Heading Towards Misalignment? (U13c)

The CSA will improve the general security level of products and services, yet the implementation of the EUCC might create confusion. For a time, only security experts will be able...
Olivier Van Nieuwenhuyze
Day 5
16 Nov 2022

EA Preparation for the EUCC (U20a)

The presentation will cover what EA is and how accreditation works in Europe, the requirements that we expect to be applicable to conformity assessment bodies operating in the EUCC (both...
Rosalina Porres Ortega

Panel Discussion: EUCC (U20b)

An expert panel focused on the potential implications EUCC will have for the Common Criteria landscape.
Alessandro Lazari
Franck Leroy
Jon Rolf
Roberto Cascella
Roland Atoui

Germany Scheme Update (U21b)

Scheme Update from the German Federal Office for Information Security (BSI).
Fritz Bollmann

Japan Scheme Update (U21c)

This presentation will be an update on the Japanese Scheme.

Singapore Scheme Update (U22a)

The Cybersecurity Certification Centre (CCC) operates multiple schemes aimed at providing the security assurance that the product has undergone impartial examination and testing to ascertain that it is securely designed,...
Henry Tan

Panel Discussion: Asian Schemes Dealing with Global Changes (U22b)

This expert panel features schemes, labs, and vendors talking about global developments in CC from their perspective.
Lim Soon Chia
Nathaniel Aliño
Toru Hashimoto

Hardcopy Devices iTC Update—HCD cPP v1.0 (U23b)

After many years of hard work, the Hardcopy Devices iTC (HCD iTC) published their first HCD cPP v1.0 in August 2022. HCD iTC is a technical community to facilitate an...
Kwangwoo Lee

Square Peg in a Round Hole—How the CC in the Cloud TWG is Making CC Work for DevOps (U23c)

The Common Criteria in the Cloud Technical Working group has been working on a solution for this problem defined in 2020: There is not yet a defined and accepted method...
Joshua Brickman
Day 6
31 Oct 2023

Assurance Continuity—Filling the Gap Between Maintenance and Re-certification (U13c)

Certificate maintenance is a quick and cost efficient process which allows us to extend the certificate validity to a new TOE version. However, the use of the maintenance process is...
Christian Krause
Day 7
01 Nov 2023

Update on EUCC (U20a)

ENISA will present an update on EUCC, with a presentation of the legal text, and explaining the different assurance levels and which CABs will operate, how CCRA and SOG_IS mandatory...
Philippe Blot

Possible Evolution of the EUCC (U20b)

ENISA will present the possible evolution of the EUCC, such as new supporting documents in preparation, and possible evolutions in the selection of the standards supporting the accreditation of CABs…
Philippe Blot

Implementation of and transition to EUCC (U20c)

Now that the EUCC act is in public review and soon will be signed, the long held questions of “how does a CAB implement the EUCC?” and “how do...
Wouter Slegers

Japan Scheme Update (U21a)

This talk will be an update on the Japanese Scheme.
Toru Hashimoto

Australian Common Criteria Scheme Updates (U21b)

An update from the CC scheme down under—the Australian Information Security Evaluation Program (AISEP)
Hin Chan
Day 8
02 Nov 2023

CCDB Crypto Working Group Report (U30a)

The CCDB Crypto WG is tasked by the CCDB to develop a catalogue with a collection of often used crypto SFRs with already completed operations on the SFRs with the...
James Dondelinger
Frank Grefrath

What to Do About Entropy? (U30b)

With NIST requiring compliance with SP 800-90B and NIAP moving that way, figuring out how to meet all the 90B requirements has become a real challenge for vendors. This talk...
Lisa Rabe

The New Cryptographic Evaluation Methodology Created by CCN and How to Apply It for Common Criteria (U30c)

The use of cryptographic primitives to safeguard sensitive information in hardware, software, and firmware products is witnessing widespread adoption. Recognizing the increasing cryptographic requirements, CCN (Certification Body for National Cryptology)...
Jose Ruiz Gualda

Network Device iTC Update (U31a)

This talk will provide an update on the ND iTC since the last ICCC, including the latest NDcPP and module postings. The speakers will discuss the current status of the...
Kristy Knowles

Advancing Hardcopy Device Security Standards: HCD iTC Update (U31b)

This talk highlights the progress made by the Hardcopy Devices international Technical Community (HCD iTC) in advancing hardcopy device security standards. It focuses on the development and publication of the...
Kwangwoo Lee
Alan Sukert

10 Years DBMS (i)TC—The Past, the Present, the Cloud (U31c)

As many authorities and regulated industries have published guidelines emphasizing the importance of defense-in-depth and reliance on database security, the security of a Database Management System (DBMS) holds great relevance...
Wolfgang Peter
Anantha Kandiah

Assurance

Day 1
17 Nov 2020

Reading Between the Lines, A Biometric Acceptance in Malaysia Voyage (S11a)

Malaysia has been using biometric fingerprints since 2001, when MyKAD was first introduced. In the next few years, we envision a whopping change in trend since the other biometric modalities have...
Nor Zarina Zamri
Nur Iylia Roslan

Outbreak Impact in CC (S11b)

COVID-19 outbreak has brought difficulties and new challenges to the entire industry, including CC evaluations and certifications. Maintaining the CCRA terms in this new pandemic scenario is crucial, for which...
Alvaro Ortega Chamorro

End-to-End Side-Channel Detection Methodology (S11c)

Side-channel evaluation relies, for CC labs, on the lab expertise. However, owing to the dissemination of SCA requirements, a formal methodology is welcomed. Pioneering work done in ISO/IEC 17825 —...
Sylvain Guilley

JHAS Rating Approach and Assessment of SW Vulnerabilities—All ITSEFs Will Become Hackers (S11d)

We start from a question: How do we rate overall attack resistance level of a solution which is subjected to software exploitation attacks? In this presentation, we discuss solutions currently...
Jasmina Omic

Towards Creating an Extension for Patch Management for ISO/IEC 15408 and ISO/IEC 18045 (S12a)

Common Criteria (CC) or ISO/IEC 15408 allows the certification of the assurance of IT products. The standard has proven to be flexible for high-security use-cases especially for secure elements, security...
Sebastian Fritsch
Javier Tallon

The Changes of Change Management (S12b)

Evolution of the management of the changes in Common Criteria through the work of the ISCI WG1 “Changing certified products” subgroup and Thematic Group 5: “Continuity assurance and handling of...
Gabor Hornyak

Results on Automating National Information Assurance Partnership (NIAP) Requirements Testing for Mobile App Vetting (S12c)

U.S. government agencies need to quickly and affordably assess whether their mobile apps are compliant to NIAP’s Protection Profile for Application Software. A pilot conducted by DHS proved automated app-vetting...
Vincent Sritapan
Angelos Stavrou