Smartcard and Similar Devices Site Audits and Cloud Applications (A13b)
Within the smartcard and similar devices domain, the site audit must complain to MSSR (Minimum Site Security Requirements). Some of the developer applications to be considered are no more hosted into the developer environment but are hosted into datacenters or into the cloud. If datacenters don’t give real complexity for auditors, cloud environment give some. Common criteria should always support security improvements and not reject solutions because the standard or the supportive documents don’t include yet. The presentation is expected to introduce some proposal to include cloud environment for CC EAL5/6 evaluation. In particular, some requirements related to physical security must be reconsidered because it will be almost impossible to assess during CC audits. Nevertheless, including some new concepts must include a risk assessment to mitigate risks to still achieve the EAL5/6 expected level. Submitted