ICCC25 Conference Agenda

Sapphire Room

13:40 The Journey: Adapting CC Projects In A Changing Compliance Landscape – From Legacy CCv3.1R5 To CC:2022 And EUCC (A12a) Katia Rojas, Compliance Program Manager, SUSE Software Solutions Germany GmbH, Germany; Michael Vogel, Managing Director, atsec information security GmbH, Germany

14:10 First Experiences On CCDB-018 (A12b) Jussipekka Leiwo, Security Strategy Consultant, DNV Cyber, Finland

14:40 Developing Evaluation Documents For Protection Profile For Prepare-And-Measure Quantum Key Distribution Modules (A12c) Kenji Yamaya, Director of Evaluation Center, ECSEC Laboratory Inc, Japan

Emerald Room

Track Sponsor

13:40 2025 CC Statistics Report “Global CC Statistics At The Start Of The EUCC Era” (L12a) José Manuel Pulido, Director, jtsec, Spain

14:10 Beyond the Speed of Change: Evolving Security Evaluation for Rapid Technology Development (L12b) Dan O’Loughlin, Vice President Engineering, Qualcomm Inc., United States

14:40 Aligning Common Criteria with NCCS: Streamlining Compliance for OEMs (L12c) Shubham Singh, Lead Engineer, Intertek Acucert Labs, India

Ruby Room

13:40 One Year On—Impacts Of ‘Non-Security’ Regulation And Laws On National Security And Products (U12a) Adam Golodner, Managing Partner, AMG Global Cyber Law, PLLC, United States

14:10 One Year Of EUCC: Addressing Implementation Challenges Through Collaboration (U12b) Xenia Kyriakidou, Head of National Cybersecurity Certification Authority of Cyprus; Roland Atoui, Managing Director, Red Alert Labs, France

14:40 Certificate Monitoring As A Service In The Cybersecurity Certification Sector (U12c) Gaetano Cavarretta, Senior Officer, National Cybersecurity Agency – Agenzia per la
Cybersicurezza Nazionale (ACN), Italy

15:40 pKVM SESIP 5 Evaluation Abstract (A13a) Brian Wood, Program Manager, Google, United States; Anders Olof Möller, R&D Manager and Senior Cybersecurity Specialist, DEKRA Testing and Certification

16:10 Review Of Hongmeng Kernel Certifications And Future Ideas (A13b) Zhe Liu, Chief Expert for OS Kernel Certification Management and Technology Planning, Member of openEuler Security Committee, Huawei Technologies, Co., Ltd., China

16:40 How To Execute Successful Evaluation Projects At The Highest Levels Of Assurance? (A13c) Ellen Wesselingh, Senior Security Architect, Fox Crypto B.V., Netherlands; Jasiek Tabeau, Project Director for Certification, Keysight Riscure, Netherlands

15:40 CC/SESIP As A Vehicle For Compliance Across Industries (L13a) Tobias Wagner, Head of BSI ITSEF, Brightsight, an SGS Company, Austria

16:10 Bringing Common Criteria Into Vehicle Components (L13b) Namseok Kim, Cybersecurity Specialist, LG Electronics, South Korea

16:40 Securing The Future Of IoT Devices In Australia (L13c) Sebastian Scandura, Chief Risk Officer, Securus Consulting Group, Australia

15:40 Korean Scheme Updates (U13a) Eunkyoung Yi, Manager/Principal Researcher, National Security Research Institute, IT Security Certification Center, South Korea

16:10 Scheme Update Of The Italian Certification Body Towards EUCC (U13b) Tiziano Inzerilli, Coordinator of OCSI, ACN – Agenzia per la Cybersicurezza Nazionale, Italy

16:40 US Scheme Update (U13c) Angela Soum, NIAP, United States

Sapphire Room

09:00 An (Updated) Journey Through Attack Potential, CVSS Score And EPSS Score (A20a) Mirko Malacario, Senior Officer, National Cybersecurity Agency – Agenzia per la Cybersicurezza Nazionale (ACN), Italy; Gianluca Roascio, Cybersecurity Expert, Agenzia per la Cybersicurezza Nazionale, Italy

09:30 Panel Discussion: Vulnerability Management In Certified Products: Beyond Certification Maintenance (A20b) Leader: Fabrice Heiser, Senior General Manager, Brightsight, a SGS company, SIngapore Panelists: Sylvain Guilley, CTO, Secure-IC, France; Sebastian Fritsch, Lab Manager/Head of ITSEF, secuvaera, Germany; Carolina Lavatelli, CTO & Founder, Internet of Trust, France;  Alireza Rohani, Certifier, TrustCB, France [60MIN]

Emerald Room

09:00 Navigating Module H Conformity Assessment For CRA Compliance—Perspectives From Notified Bodies And Manufacturers (L20a) Alvaro Ortega, Cybersecurity Operational Manager, DEKRA, Spain; Thomas Billeau, Director, Head of Security Certification, NXP Semiconductors, Germany

09:30 Fast-Tracking CRA And RED Compliance With EUCC: A Regulatory Alignment Blueprint For ICT And IoT Security (L20b) Cansu Yener, Senior Certification Specialist, Bureau Veritas Cybersecurity, Netherlands

10:00 Combined Evaluations For EUCC And NIAP Protection Profiles—A Dual Approach For Global Assurance (L20c) Wei Yuan, Director of Operations, Cybersecurity BU, Applus+ Laboratories, Spain

Ruby Room

09:00 French Scheme Update (U20a) Géraldine Avoué, Security Expert, ANSSI, France

09:30 Update Of The German CC Certification Scheme (U20b) Jonas Fiege, CC Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

10:00 Spanish Scheme Update (U20c) Luis Fernandez, Representative, CCN, Spain

11:00 Navigating PP-Configuration Complexity: Toward Reliable And Scalable Security Target Development (A21a) Joachim Vandersmissen, IT Security Consultant, atsec information security corporation, United States

11:30 Implementing Common Criteria Certifications For The 3D Additive Manufacturing Process (A21b) Alan Sukert, Chair IDS Working Group, ISTO Printer Working Group, PWG, United States

12:00 Secure Erase—The Final Frontier? (A21c) David Low, Principal Security Engineer, Teron Labs, Australia; Hin Chan, Manager – Australian Certification Authority, Australian Cyber Security Centre, Australia

11:00 EUCC – CRA Mapping (L21a) Philippe Blot, Head of Sector Certification, ENISA, Greece

11:30 Panel Discussion: On The Achievements And Challenges For EUCC- And CCRA-Certifications (L21b) Leader: Susanne Pingel, Bundesamt für Sicherheit in der Informationstechnik (BSI) Panelists: Rasma Araby, Managing Director atsec SE, atsec information security corporation, Sweden; Jonas Fiege, CC Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Tiziano Inzerilli, Coordinator of OCSI, ACN – Agenzia per la Cybersicurezza Nazionale, Italy; Katia Rojas, Compliance Program Manager, SUSE Software Solutions Germany GmbH, Germany [60MIN]

11:00 Japan Scheme Update (U21a) Toru Hashimoto, Assistant Manager, IPA, Japan

11:30 Canada Scheme Udpate (U21b) Cory Clark, Supervisor Canadian Common Criteria Program, Canadian Centre for Cyber Security, Canada

12:00 NL Scheme Update (U21c) Glenn Wever, Security Specialist EU Cybersecurity Certification, Dutch Authority for Digital Infrastructure, Netherlands, Netherlands

13:30 How To Model Secure Remote Development Work (A22a) Michael Meissner, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

14:00 Maintaining Assurance In Fast-Paced Software Development: Automation, Delta Evaluation, And Applicability To Common Criteria (A22b) Jiwon Han, M.S. Candidate, Korea University / Senior Researcher, TTA (Telecommunications Technology Association); Co-Written by:  Professor Seungjoo Kim, Korea University, South Korea

14:30 Developer Pain Points: The Escalating Cost Of Common Criteria Compliance In A Fragmented Certification Landscape (A22c) Nurul Asha Binti Jeffridin, Analyst, Cybersecurity Malaysia, Malaysia

Track Sponsor

13:30 Cloud-Ready Protection Profiles: Evolving The Database cPP (D22a) Brandon Harvey, Principal Security Analyst, Oracle, United States

14:00 Evaluation Of Cloud Hosting—A Proposal To Update The NIAP GPOS And Virtualization Protection Profiles (D22b) Tyrone Stodart, Senior Principal Security Analyst, Oracle Corporation UK Ltd, United Kingdom

14:30 Common Criteria Evaluation For Cloud Services—Lightship Security’s Experience And The NIAP Shift (D22c) Lachlan Turner, Director Cyber Labs, Lightship Security | Applus+ Laboratories, Canada

13:30 Biometrics Security iTC Update (U22a) Brian Wood, Program Manager, Google, United States

14:00 Network Device iTC (U22b) Kristy Knowles, Security Research Engineer, Cisco, United States

14:30 Hardcopy Devices iTC Update (U22c) Kwangwoo Lee, Security Architect, HP, South Korea

15:30 CUSTODES: A System For Agile Conformity Assessment Of Security Of Composite Products And Services (A23a) Antonio David Vizcaino Gomez, Cybersecurity Technical Sales, DEKRA, Spain

16:00 Trusting The Layering Process (A23b) Shawn Geddis, Chief Technology Officer, Katalyst LLC, United States

16:30 Evolving Common Criteria Toward Continuous Assurance And Partial Compliance (A23c) Roland Atoui, Managing Director, Red Alert Labs, France; Brent Searle, Security Research Engineering Technical Leader, Cisco, United States

15:30 Secure Cloud Integration: How CC Assurance Anchors Operational Trust (D23a) Jens Oberender, IT-Security Consultant, SRC Security Research & Consulting GmbH, Germany

16:00 The intersection Of EUCC With European Cybersecurity Regulations (D23b) Dean Zwarts, Senior Business Manager Cybersecurity, UL Solutions, Netherlands

16:30 Building Trust In OT: Leveraging Common Criteria For Effective Cyber Defense (D23c) Ramy Abbas, Cyber Security Business Consultant, Honeywell, Qatar

15:30 Common Criteria (CC)—Maintenance And Development—What’s New In 2025 Version (U23a) Elżbieta Andrukiewicz, ITSEF Manager, Warszawa National Institute of Telecommunications, Poland; Carolina Lavatelli, CTO & Founder, Internet of Trust, France; Kwangwoo Lee, Security Architect, HP, South Korea; Susanne Pingel, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

16:00 CCDB Crypto Working Group Report (U23b) Jonas Fiege, CC Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

16:30 Defense In Depth Using Certified Products (U23c) Chris Gugel, Lab Director, Booz Allen Hamilton, United States

Sapphire Room

09:00 Thinking Backwards. A Proposal From CB Perspective For AVA Continuous Improvement (A30a) Lorenzo Zamburru, Senior Certifier, ACN – Agenzia per la Cybersicurezza Nazionale, Italy

09:30 The Security of Chiplets (A30b) Sylvain Guilley, CTO at Secure-IC, France

10:00 Improving CC Evaluation Efficiency Through MAL (A30c) Yejun Kim, PhD research fellow, Korea University, South Korea; Seungjoo Kim, Professor, Korea University, South Korea

Emerald Room

09:00 Architecture-Aware Packages For High-Assurance Physical Security (M30a) Sebastien Colle, Head of Security, Infineon Technologies AG, Germany

09:30 Adressing The Real World: Challenges In Defining A WSCA Protection Profile For An Existing Ecosystem (M30b) Marc Le Guin, Head of Evaluation Body for IT Security, TÜV Informationstechnik GmbH, Germany

10:00 Leveraging Common Criteria To Align With IEC 62443 (M30c) Ibrahim Kirmizi, Senior Security Consultant, Bureau Veritas Cybersecurity, Netherlands

Ruby Room

09:00 Dedicated Security Components iTC Update (U30a) Joachim Vandersmissen, IT Security Consultant, atsec information security corporation, United States

09:30 Panel Discussion: iTC’s Lessons From The Past, Working In The Present, And Hopes For The Future (U30b) Leader: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States Panelists: Kwangwoo Lee, Security Architect, HP, South Korea; Petra Manche, Common Criteria Manager, Cisco, United Kingdom; Brian Wood, Program Manager, Google, United States [60MIN]

10:45 Where Is The Best Place To Write New Security Requirement? (A31a) Brian Wood, Program Manager, Google, United States

11:15 How To Manage Certificates In The EUCC Framework – A Possible Approach For Assurance Continuity After The Issuance Of The Certificate (A31b) Massimiliano Orazi, Senior Officer, ACN – Agenzia per la Cybersicurezza Nazionale, Italy

11:45 Conformance Without The Complexity: A Roadmap For Regulatory Readiness (A31c) Alberto Fuentes, PhD, Founder, Digital Cubes, Spain

10:45 PQC: How To Make Sure That ITSEF And CB Are Ready? (M31a) Franck Sadmi, Head of the French Certification Body, ANSSI, France

11:15 CSP-Based Evaluation Of Applications In The Context Of Secure Elements (M31b) Annegret Schöffel, Federal Office for Information Security(BSI), Germany

11:45 Challenges And Strategies For Crypto Library Certification (M31c) Lucile Gallant Boisard, Cybersecurity Consultant, Internet of Trust, France

10:45 When AI Meets IA: Rethinking Assurance In The Age Of Intelligence (D31a) Naruki Kai, Information-technology Promotion Agency (IPA), Japan

11:15 AI-Driven Compliance: Redefining Global IoT Certification For The Age Of Regulatory Complexity (D31b) David Nosibor, Head of Business Development – CyberPass, Red Alert Labs, France

11:45 Platform For Evaluation, Audit And Testing For Artificial Intelligence (PET-Ai): Malaysia Government Journey On AI Adoptions (D31c) Nur Sharifah Idayu Mat Roh, Senior Analyst, CC Test Lab CyberSecurity Malaysia, Malaysia