Quality for CABs as the Foundation of Cyber Trust : Leveraging ISO 17065 Within the Common Criteria Framework (A22c)
This talk explores the pivotal role of ISO/IEC 17065 – the international standard for bodies certifying products, processes, and services – as the bedrock of the Common Criteria ecosystem. The presenters will examine how the rigorous quality management requirements of ISO 17065 complement the technical depth of the CC framework to: • Standardize Certification Outcomes: Ensuring that “security” isn’t subjective, but a repeatable result of a high-quality process. • Enhance International Mutual Recognition: Demonstrating how ISO 17065 compliance facilitates trust between nations under the CCRA (Common Criteria Recognition Arrangement). • Mitigate Risks in the Evaluation Chain: Identifying how quality audits prevent “certification drift” and maintain the impartiality By bridging the gap between quality assurance and cybersecurity evaluation, this session will demonstrate that cyber trust is built not just on what is evaluated, but on the rigor of the system that validates it. Attendees will gain insights into optimizing their certification processes to meet the evolving demands of global cybersecurity regulations.