IPSA: An Adaptation of Common Criteria for Malaysian Local Market (U13a)
Malaysian Common Criteria Evaluation and Certification (MyCC) scheme was developed in 2006. Since then a number of 65 products had been certified under the scheme. However, the local industry has provided feedback that Common Criteria (CC) duration is long and the cost is quite high. We have been receiving a lot of demands for a shorter and less expensive evaluation. Therefore, ICT Product Security Assessment (IPSA) was introduced by CyberSecurity Malaysia, an agency under National Cyber Security Agency (NACSA) of National Security Council in 2016. The testing methodology for IPSA is adapted from the CC. It involves only certain phases of the CC. Evaluated products will receive a Test Report, which specifies the test results for each conducted tests. No certification is provided, as the intended audience is the customer itself in order for them to improve their products. After almost 2 years, these presenters decided to move forward and provide certification for IPSA. For this purpose, a local scheme called Technology Security Assurance (TSA) is being developed and pilot projects are currently undergoing. The presenters will share on the IPSA that they have conducted (the requirements and lessons learnt) and will also share on the TSA scheme, which is currently being developed for the local market.