Common Criteria

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

Common Criteria International Standards of secure computing and communications.

Context

Taxonomy

The entire document is filled with jargon of their own making. This linked document contains the most interesting terms. Some have been abstraction below.

  • TOE = target of evaluation  set of software, firmware and/or hardware possibly accompanied by guidance
  • TSF = TOE Security Function. The TSF is a generalization of the TCSEC concept of a TCB. (Trusted Computing Base.)

Meetings

2024-11-09

Hajj had the pleasure of attending and presenting at the International Common Criteria Conference in Doha, Qatar. It was a milestone event, marking the first time the conference has been held in the Middle East, hosted by #Qatar’s The National Cyber Security Agency. Notably, Qatar is already a member of the Common Criteria Recognition Arrangement (#CCRA), and #Jordan has now joined as well—a remarkable step forward for the region!

Congratulations to Centre for Cybersecurity Belgium, which has also joined the CCRA.

The conference was rich with insightful discussions on a range of significant topics, including updates on certification schemes, #EUCC implementation, the Cyber Resilience Act (#CRA), advances in vulnerability handling, accreditation of Conformity Assessment Bodies (CABs), and the application of Common Criteria (CC) in new domains like automotive security with #ISO21434, #cloud security based on #NIAP cPPs, #5G, and #eIDAS / #QSCD.

Regarding mutual recognition, #CCRA and European Union Agency for Cybersecurity (ENISA) are actively collaborating to establish mutual recognition of EUCC certificates, with the goal of achieving global interoperability.

In my presentation, I focused on optimizing #eUICC certification through EUCC, leveraging the Cryptographic Service Provider (#CSP) for streamlined composite certification. I also highlighted the importance of harmonizing EUCC with #GSMA’s #eSA scheme and using GSMA’s eUICC specifications as supporting evidence in EUCC evaluations.

While the conference showcased significant progress, many challenges remain to be tackled in the coming years.

References