Track Keynote: How Europe’s Cyber Security Act and CCRA Can Be Best Friends (U12a)
Europe is currently implementing a Cyber Security Act (CSA) which, among other things, sets up a European IT security certification framework. It is more than an educated guess that the first implementation of a so-called European certification scheme will be based on Common Criteria. The public draft already shows aspects that collide with the CCRA. Can the CSA and the CCRA co-exist, or even mutually recognize certificates? Can European countries still issue certificates under the CCRA? It is expected that by the time of the conference, the European Council, the European Parliament and the European Commission will have agreed on the act. This presentation analyses all key features of the CSA and the CCRA, explains the incompatibilities, and presents possible solutions for bringing the Common Criteria EU Cybersecurity Certification Scheme (is it SOGIS-MRA 2.0?) and the CCRA together. Examples of such aspects are: certificates being issued by private certification bodies; CC usage possibly being limited to the high assurance level; a lack of acceptance of cPPs; alternative approaches to product certification possibly being drafted as a European scheme; and the European Commission being the responsible entity the CCRA would have to talk to. The opportunities that this new development offers to vendors, labs and certification bodies will also be explained.