Common CC Criteria: Another Key to Efficiency (L02b)
We are continuously looking for efficient applications of the Common Criteria (CC). We create optimised methodology, utilise highly experienced people, and operate smooth processes to achieve that within the traditional CC schemes. There is, however, another place where we find great re-use and efficiency: in designing schemes using Common CC Criteria.
For example, take the GSMA eSA scheme. This scheme describes the requirements for a secure eUICC (fancy SIM card), re-using the SOG-IS/EUCC CC certificate on the hardware against PP-0084, most likely also the crypto library and Java Card certification, using JHAS rating and ISCI WG1 site security approaches.
As a result, not only are these underlying certifications re-used, a developer can also choose to apply this under the EUCC and make it re-usable for the up-and-coming CSA “eIDAS on a phone” SAM initiative. Similar schemes like SESIP do the same, re-using EUCC results in SESIP certifications, then building on that further for, say, the IoT requirements of IEC62443 and the various end-product requirements. This talk will go into what parts of the CC practice are common, how to easily re-use them, and what developments are happening already.