Note: This is the agenda from ICCC 2022.
9:00 Welcome and Introduction (P10a) Wouter Slegers, ICCC Program Director, CEO, TrustCB, Netherlands; Josepmaria Roca, Director IT Labs Area, Applus+ Laboratories, Spain
09:15 Government Keynote Address: Certification as a Key Element for Cybersecurity (P10b) Luis Jimenez, Deputy Director, CCN, Spain
9:45 Industry Keynote Address: Engineering Perspective on Cybersecurity
(P10c) José Luis López Diez, Senior Vice President Engineering, Airbus Defence & Space, Spain
Moderator: Wouter Slegers, ICCC Program Director, CEO, TrustCB, Netherlands
11:00 CCDB Update (P11a) Tiziano Inzerilli, Organismo di Certificazione della Sicurezza Informatica (OCSI), Italy
11:15 CCRA Update (P11b) Jon Rolf, Director NIAP, National Security Agency, United States
11:30 CCUF Update (P11c) Petra Manche, Product Security Certification Lead Engineer, Cisco, United Kingdom
11:45 Panel Discussion: ISO Update (P11d) Moderator: Miguel Bañon, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain Panelists: Carolina Lavatelli, CTO & Founder, Internet of Trust, France; Kwangwoo Lee, Security Architect, HP Inc, Korea; Elzbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; David Martin, ISO WG3 Editor, University of Bath, United Kingdom [60MIN]
Buenavista 1
Advances in the Use of Common Criteria Selling the Value of CC |
Moderator: Rob Huisman, NCCA Senior Security Specialist, Ministry of Economic Affairs and Climate Policy, Radiocommunications Agency Netherlands, Netherlands |
14:15 Good, Fast, Cheap: Why Not All Three? (A12a) Wouter Slegers, CEO, TrustCB, Netherlands
14:45 Labs AMA (Ask Me Anything) (A12b) Wouter Slegers, CEO, TrustCB, Netherlands; Markus Bartsch, Business Development IT Security, TÜV Informationstechnik, Germany; Yi Mao, Managing Director atsec information security corporation, United States; Lachlan Turner, Director Consulting, Lightship Security, Canada; Xavier Vilarrubla, COO, SGS Brightsight EUAM, Spain
Buenavista 2
Cybersecurity Certification Schemes Landscape History and Present |
Moderator: Kwangwoo Lee, Security Architect, HP, Korea |
14:15 The Long and Winding Road (L12a) Miguel Bañon, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain
14:45 2022 CC Statistics Report: Will This Year Beat Last Year’s Record Number of Certifications? (L12b) José Manuel Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain
Madrid 1&2
Updates from Schemes and ITCs US and EU |
Moderator: Petra Manche, Product Security Certification Lead Engineer, Cisco, United Kingdom |
14:15 NIAP Looking Forward (U12a) Shantel Powell, NIAP D/CH, NIAP, United States
14:45 Guidance Development and Awareness Raising on EU Certification (U12b) Chloe Blondeau, Seconded National Expert, European Union Agency for Cybersecurity (ENISA), Greece
Buenavista 1
Advances in the Use of Common Criteria Site Security |
Moderator: Anantha Kandiah, Director of Engineering, Teron Labs, Australia |
15:45 Confidential Security Evaluation Environment (A13a) Cheng Jiang, Principle Consultant, CC evaluator, atsec information security, Sweden; Luis Barriga, Ph.D., Principal Researcher, Ericsson, Sweden
16:15 Smartcard and Similar Devices Site Audits and Cloud Applications (A13b) Christophe Bouly, NXP Security Manager, NXP Semiconductors, France
16:45 ISCI WG1—High-Secure Remote Work—The Response to the Post-COVID Hybrid Mode Demand (A13c) Dr. Karsten Klohs, Director Business Development Security Engineering, Achelos, Germany
Buenavista 2
CC In New Domains Automotive |
Moderator: Jose Emilio Rico, Cybersecurity Division Director, DEKRA, Spain |
15:45 Automotive Cybersecurity: Could You Trust the Connected Car? (D13a) Markus Bartsch, Business Development IT Security, TÜV Informationstechnik, Germany
16:15 CCC Digital Key: A Worldwide Standard That Enables Our Mobile Devices to Replace Traditional Keys to Give Access to Our Vehicles (D13b) Georg Stütz, Car Connectivity Consortium, Germany
16:45 Common Criteria in the Automotive Security Regulatory Domain—CC-Based Automotive Risk Assessment (D13c) Ena Kurtovic, Senior Certification Specialist, Secura, Netherlands
Madrid 1&2
Updates from Schemes and ITCs EU Updates |
Moderator: Petra Manche, Product Security Certification Lead Engineer, Cisco, United Kingdom |
15:45 Strategic Views on Scheme Development (U13a) Renate Verheijen, Legal Advisor on Cybersecurity, European Union Agency for Cybersecurity (ENISA), Greece
16:15 An Update on the EUCC Scheme (U13b) Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece
16:45 EUCC and Industry Security Levels: Are we Heading Towards Misalignment? (U13c) Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Manager, STMicroelectronics, France
2022 Common Criteria Certificate Presentation Ceremony
Participants will have the opportunity to be photographed receiving their CC certificates from the national schemes. (P14)
Host: Bob Clemons, Independent Consultant, United States
Enjoy an informal group dinner at one of Toledo’s top restaurants with your ICCC colleagues on Tuesday, 15 November. This is an add-on to the 3-day conference registration. For an additional fee you can reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group at 19:15 at the conference registration desk and depart from there.
Buenavista 1
Advances in the Use of Common Criteria Select Topics |
Moderator: Anantha Kandiah, Director of Engineering, Teron Labs, Australia |
09:00 When the CCMB is Knocking at Your Door (A20a) Michael Vogel, Managing Director, atsec information security, Germany
09:30 Use Case Related to the Software Product Evaluated with the Highest Attack Potential (A20b) Elzbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Dr. Piotr Krawiec, National Institute of Telecommunications, State Research Institute
10:00 Update on Transition Guide 22216 (A20c) Carolina Lavatelli, CTO, Internet of Trust, France
Buenavista 2
CC In New Domains Select Topics |
Moderator: Kwangwoo Lee, Security Architect, HP, Korea |
09:00 Developing Common Criteria Certification for 3D Printing Equipment (D20a) Alan Sukert, Vice-Chair, Hardcopy Device international Technical Committee, United States
09:30 Security: The Second Wave of Convergence (D20b) Dan O’Loughlin, VP Engineering, Qualcomm Technologies, United States
10:00 Common Criteria and Quantum Crypto (D20c) Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States
Madrid 1&2
Updates from Schemes and ITCs EU Updates |
Moderator: Yi Mao, Managing Director atsec information security corporation HP, United States |
09:00 EA Preparation for the EUCC (U20a) Rosalina Porres Ortega, Head of Area of the Department of Laboratories and Product Certification, ENAC, Spain
09:30 Panel Discussion: EUCC (U20b) Moderator: Roberto Cascella, Head of Sector, Technology, Supply Chain & Strategic Autonomy, European Cyber Security Organisation (ECSO), Belgium Panelists: Roland Atoui, Managing Director, Red Alert Labs, France; Alessandro Lazari, Senior Key Account Manager, F24, Italy, Franck Leroy, Chief Conformity Officer, IN Groupe, France; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States [60 MIN]
Buenavista 1
Advances in the Use of Common Criteria Select Topics |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
11:00 Pre-Silicon evaluation will save EUCC (A21a) Pascal van Gimst, Vice President Global Services Sales and Business Development, Riscure
11:30 Keep the Code But Not the Flaws: A New Approach to Source Code Analysis (A21b) Michael Scheibel, Project Manager, TÜV Informationstechnik, Germany
12:00 Automation Update: Automating Towards a Better Tomorrow (A21c) Kevin Gallicchio, Technical Leader, NIAP, United States
Buenavista 2
CC in New Domains Select Topics |
Moderator: Gabor Hornyak, Head of Site & Process Certification, NXP Semiconductors, Hungary |
11:00 The Evolution of Relational Database Management System (RDBMS) Certifications from On-Prem to Cloud—An Overdue Demand (D21a) Álvaro Ortega, Lab Manager, DEKRA, Spain; Wolfgang Peter, Principal Security Program Manager, Microsoft, Germany
11:30 Cloud HSM for Governments Enabled by CC (D21b) Nils Gerhardt, CTO, Utimaco, Germany
12:00 Lightweight Certification: From a Lab Point of View (D21c) Maria Christofi, Oppida, France
Madrid 1&2
Updates from Schemes and ITCs Scheme Updates |
Moderator: Hitoshi Matsumoto, Japan IT Security Evaluation and Certification Scheme (JISEC), Japan |
11:00 Spanish CB (CCN) Status Update (U21a) Pablo Franco, Head of Spanish Certification Body, CCN, Spain
11:30 Germany Scheme Update (U21b) Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany
12:00 Japan Scheme Update (U21c) Toru Hashimoto, Assistant Manager, IPA, Japan
Buenavista 1
Advances in the Use of Common Criteria New Ideas |
Moderator: Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany |
13:30 How to Manage Evaluations for Higher EALs? (A22a) Dariusz Rogowski, ITSEF Manager, Łukasiewicz Research Network – Institute of Innovative Technologies EMAG, Poland
14:00 Developing an EAL2 Protection Profile and an Evaluation Methodology Document for Prepare and Measure Quantum Key Distribution Modules (A22b) Kenji Yamaya, CC Manager, ECSEC Laboratory, Japan; Kiyotaka Hammura, Technical Researcher, National Institute of Information and Communications Technology (NICT), Japan
14:30 Threats and Challenges for AI/ML Based Solutions (A22c) Mehmet Cakir, CEO, BEAM Teknoloji A.Ş., Turkey
Buenavista 2
CC In New Domains Biometrics |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
13:30 Evaluation of Presentation Attack Detection Mechanisms in Biometric Systems (D22a) Jonas Geilich, Evaluator and Consultant, TÜV Informationstechnik, Germany
14:00 Presentation of the Biometric Evaluation Procedure in Spain (D22b) Belén Fernández, CCN, Spain
14:30 Biometrics Security iTC Update (D22c) Brian Wood, Program Manager, Google, United States
Madrid 1&2
Updates from Schemes and ITCs Scheme Updates |
Moderator: Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States |
13:30 Singapore Scheme Update (U22a) Henry Tan, Deputy Director/Cybersecurity Certification Centre, Cyber Security Agency of Singapore Singapore
14:00 Panel Discussion: Asian Schemes Dealing with Global Changes (U22b) Moderator: Wan Shafiuddin Zainudin, Head, Information Security Certification Body, CyberSecurity Malaysia, Malaysia Panelists: Lim Soon Chia, Director (CSEC)/ Head Cybersecurity Certification Centre, CSA Singapore , Singapore; Toru Hashimoto, Assistant Manager, IPA, Japan; Hirotaka Yoshida, Team Leader, AIST, Japan; Nathaniel Aliño, Common Criteria Program Manager, T-Systems, Singapore
Buenavista 1
Advances in the Use of Common Criteria Re-use and Composition |
Moderator: Ritu-Ranjan Shrivastwa, Certification Program Manager, Secure-IC, France |
Track Sponsor
15:30 Applying the CC Framework for Soft-IP Evaluation Reuse (A23a) Ruud Derwig, System Architect, Synopsys, Netherlands
16:00 Guidance for Support of Evaluation and Certification of PP-0117 Compliant Integrated Secure Elements (A23b) Monique Bakker, Senior Security Evaluator, SGS Brightsight, Netherlands
16:30 Cascading Evaluations—Can Downstream Vendors Benefit from Reference Evaluations (A23c) Brian Wood, Program Manager, Google, United States; Edward Morris, Co-founder, Gossamer Security Solutions
Buenavista 2
CC In New Domains New Applications |
Moderator: Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States |
15:30 Certification Considerations for Open Source; The OpenTitan Project (D23a) Johann Heyszl, Security Engineering Manager, Opentitan, Google, United States
16:00 Panel Discussion: New Certification Schemes Based on CC (D23b) Moderator: Mike Grimm, Principal Security Program Manager, Microsoft, United States Panelists: Reinaldo Figueiredo, Vice President Conformity Assessment Strategy, ANSI National Accreditation Board/ANAB, United States; Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States; Nils Tekampe, IT Consultant, Konfidas, Germany; Wouter Slegers CEO, TrustCB, Netherlands [60 Min]
Madrid 1&2
Updates from Schemes and ITCs CC in Specific Domains |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
15:30 Network Device iTC Update (U23a) Kristy Knowles, Security Research Engineer, Cisco, United States
16:00 Hardcopy Devices iTC Update—HCD cPP v1.0 (U23b) Kwangwoo Lee, Security Architect, HP, South Korea; Anantha Kandiah, Director, Teron Labs, Australia
16:30 NL Scheme Update and Preparation for the EUCC Scheme (U23c) Peter van Swieten, Senior Security Specialist European Cybersecurity Certification, Agentschap Telecom, Netherlands
Buenavista 1
Advances in the Use of Common Criteria Tool Support |
Moderator: Brian Wood, Program Manager, Google, United States |
09:00 Taking the Guess Work out of Entropy Assessments! (A30a) James Ramage, Cryptographic Security Testing (CST) – Senior Evaluator, Lightship Security, Canada
09:30 CCCAB Tool—Making CABs Life Easy—Chapter 2 (A30b) Jose Ruiz, CTO, jtsec Beyond IT Security, Spain
10:00 n-doc. An Open Source Platform for CC-Documentation (A30c) Alexander Krumeich, Head of Certification/Senior Software Developer, n-design GmbH, Germany
Buenavista 2
Meeting Customer Requirements Vulnerability Handling |
Moderator: Rob Huisman, NCCA Senior Security Specialist, Ministry of Economic Affairs and Climate Policy, Radiocommunications Agency Netherlands, Netherlands |
09:00 Vulnerability Handling on Certified Solutions (M30a) Vicente Gonzalez Pedros, Chair Thematic Group Vulnerability Handling on Certified Solutions, European Union Agency for Cybersecurity (ENISA), Spain
09:30 Panel Discussion: Vulnerability Handling and Disclosure (M30b) Moderator: Gabor Hornyak, Head of Site & Process Certification, NXP Semiconductors, Hungary Panelists Christiane Droulers, STMicroelectronics, France; Vicente Gonzalez Pedros, Chair Thematic Group Vulnerability Handling on Certified Solutions, European Union Agency for Cybersecurity (ENISA), Spain; Javier Tallon, Technical Director, jtsec, Spain [60 MIN]
Madrid 1&2
Cybersecurity Certification Schemes Landscape Select Topics |
Moderator: Michael Vogel, Managing Director, atsec Information Security, Germany |
09:00 How Do Other Schemes Reinforce Common Criteria Certifications? (L30a) Sylvain Guilley, CTO, Secure-IC, France
09:30 Much Ado About Blocking (L30b) Marina Ibrishimova, Cyber Security Consultant, Lightship Security, Canada
10:00 Eurosmart ISCI WG1—Evaluation Methodology for High-Security Evaluations (L30c) Jan Eichholz, Head of Security Consulting, Giesecke+Devrient GmbH, Germany
Buenavista 1
CC in New Domains Modules and Mobiles |
Moderator: Michael Vogel, Managing Director, atsec Information Security, Germany |
10:45 Building Resilience into Mobile Network Equipment Security (A31a) Vinny Robertson, Technical Sales Manager, GSMA, United Kingdom
11:15 Mobile Device Evaluation? Which PP? (A31b) Rasma Mozuraite Araby, CEO, Lab Manager, atsec information security, Sweden
11:45 Ch-ch-ch-ch-changes! Impact of Algorithm Transitions on PP-Based CC Evaluations (A31c) Ryan Thomas, CSTL Certification Program Director, Lightship Security, Canada
Buenavista 2
Meeting Customer Requirements Process Improvement |
Moderator: Ed Morris, Co-founder, Gossamer Security Solutions, United States |
10:45 Common Criteria Certification of Electric Vehicle Charging Solutions (M31a) Yasir Emre Bulut, Director, OKTEM Laboratory, Turkey
11:15 Is Automation Necessary for the CC Survival? (M31b) Moderator: José Ruiz, CTO, jtsec Beyond IT Security, Spain Panelists: Kevin Gallicchio, Technical Leader, NIAP, United States; Alexander Krumeich, Head of Certification/Senior Software Developer, n-design GmbH, Germany; Lachlan Turner, Director Consulting, Lightship Security, Canada; Pascal van Gimst, Vice President Global Services Sales and Business Development, Riscure [60 MIN]
Madrid 1&2
Cybersecurity Certification Schemes Landscape Cryptographic Standards |
Moderator: Sylvain Guilley, CTO, Secure-IC, France |
Track Sponsor
10:45 ISO/IEC 29128-3: A New Paradigm of Cryptographic Protocol Verification Using CC Methodology (L31a) Ritu Ranjan Shrivastwa, Certification Program Manager, Secure-IC, France
11:15 Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (L31b) Moderator: Yi Mao, Managing Director, atsec information security corporation, United States Panelists: Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom; Naruki Kai, IPA, Japan; Dan O’Loughlin, VP Engineering, Qualcomm Technologies, United States; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States [60 MIN]
Buenavista 1
12:30 Summary Panel Discussion: Looking Forward (P32a)
Moderator: Alban Feraud, International Organizations & Regulatory Affairs, Strategy & Market Officer, IDEMIA Public Security & Identity, and President, EUROSMART, France Panelists: Philippe Blot, Lead Expert Certification, ENISA, Greece; John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom; Shaunak Shah, Engineering Manager | Lab Manager, CC, Intertek Acumen Security, United States; Laurie Mack, Director Security, and Certifications, Thales, Canada [60MIN]
13:30 Announcement of ICCC 2023 (P32b) Shantel Powell, NIAP D/CH, NIAP, United States