ENAC at the International Common Criteria Conference
On November 16, Rosalina Porres, head of ENAC's ITC area, participated in the International Common Criteria Conference (ICCC). This is the main meeting point for the professional community involved in the Common Criteria, a scheme for assessing and certifying IT products' compliance with security requirements.
During her presentation, which she gave on behalf of European Accreditation (EA), the organisation of European accreditation bodies, she addressed the requirements established in the EUCC for conformity assessment bodies, as well as the actions undertaken by EA as part of the European accreditation bodies' preparation for implementing the scheme.
“For ENAC, participating in the International Common Criteria Conference, the main forum for the professional community involved in Common Criteria (CC), which certification bodies, government experts, assessment laboratories and industry participate in, is a great opportunity to learn about trends in computer product and system security and to share accreditation's role in the new certification schemes under the Cybersecurity Act framework with cybersecurity experts. These aim to guarantee IT products and services' compliance with certain security requirements,” says the head of the ITC area.
In addition, during the Q&A, attendees raised questions on topics such as EA's recommendation to modify the applicable accreditation standard for some activities and EA's peer review process.
For further information, download the presentation from the following link.
European level Cybersecurity certification
The EUCC, or EU Certification scheme on Common Criteria, is one of the schemes that the European Union Agency for Cybersecurity, ENISA, is developing within the framework of the Cybersecurity Act. This scheme will replace the current European SOGIS (Senior Officers Group for Information Systems) Mutual Recognition Agreement, which enables product safety certificates to be recognized at the highest European Union levels.
Common Criteria provides a standardized set of security requirements for information technology products (hardware, software, or firmware), which provide confidence in the security assessments carried out on them. One of the most common applications of Common Criteria is the certification of integrated circuits and smart cards, which contributes to greater confidence in the security of devices with electronic signatures (passports, bank cards or tachographs, among others).
Likewise, at the European level, other schemes are being developed, such as the EU Certification scheme on Cloud Services (EUCS) and the EU 5G scheme, with the EUCC being the most advanced in its development.