How to Manage Evaluations for Higher EALs? (A22a)
The ITSEF of the Łukasiewicz-EMAG Institute has finished the first pilot evaluation of a software TOE (EAL 4+) within the Polish Common Criteria evaluation scheme.
The Polish evaluation scheme resulted from an R&D project: “National schema for the security and privacy evaluation and certification of IT products and systems compliant with Common Criteria (KSO3C)”, 2018–2022. The project is a joint initiative of three institutes: the National Institute of Telecommunications, NASK (Research and Academic Computer Network), and Łukasiewicz-EMAG.
The ITSEF Manager refers to experiences and lessons learned from the pilot evaluation. Evaluators faced many obstacles and difficulties in the evaluation activities, especially during the testing and vulnerability analysis stages. The Manager also had to tackle delayed deliveries of evidence documentation. A dedicated work-unit spreadsheet is prepared to facilitate the monitoring and management of all evaluation activities. It includes verdicts, the status of ETRs and ORs, and records from the CB and the TOE developer.