Update on the Spanish Evaluation and Certification Scheme Luis Jiménez Head of the Certification Area Certification Body National Cryptologic Center National Intelligence Centre organismo. certificacion@cni. es
• Facts and figures 2006 -2007 • Ongoing support to the CC/CEM • Trends and perspectives • Contact data
Facts and figures 2006 -2007 We hosted the 2006 7 th ICCC, as a compliment to then just recently approved recognition of Spain as a Certificate Authorizing member of the CCRA. Since then: We passed the EN 45011 audit, and were accredited by ENAC as a certification body compliant with requirements of this standard, complementing the roles and responsibilities emanating from our legal framework with those applicable to EN 45011 certification bodies. In particular, this has let us work with a better fit under the digital signature national regulation.
Facts and figures 2006 -2007 We licensed the second evaluation facility, and received an application for a third laboratory, which is about to finish the licensing process: CESTI/INTA * Security level: CLASIFICADO * Evaluation standards and levels: o ITSEC, E 4; o Common Criteria/Common Evaluation Methodology, EAL 4+. LGAI Technological Center S. A. * Security Level: NO CLASIFICADO * Evaluation standards and levels: o Common Criteria/Common Evaluation Methodology, EAL 4+. Epoche and Espri S. L. U. (*) * Security Level: CLASIFICADO * Evaluation standards and levels: o ITSEC, E 3; o Common Criteria/Common Evaluation Methodology v 3. 1, EAL 4+. (*) Undergoing the licensing process
Facts and figures 2006 -2007 We have certified the security of nine products, and fourteen more are currently under evaluation. Some of these are being carried out using the ITSEC/ITSEM standards.
Ongoing support to the CC/CEM We have been supporting the CC by providing resources to the maintenance of the standard both at the CC and ISO. Our support will be maintained for 2008 and beyond, seeking to contribute to the making of CC/CEM v 4. 0, aka “El dorado”. For the last three years Spain has been sponsoring the familiar www. commoncriteriaportal. org. This will be maintained, but we plan to make it the central ISO/IEC PP registry, in accordance with ISO/IEC 15292 -- Information technology -- Security techniques – Protection profile registration procedures
Trends and perspectives The culture of requiring IT with certified security is catching up in Spain. Some initiatives in the area of digital signature, and specially related to the national electronic id card are about to boost the demand of certified applications and devices. The CCN is both taking measures to improve the efficiency of the licensed labs and planning ahead its own capabilities to cope with this expected boost.
Contact data Find the web site of the Scheme at www. oc. ccn. cni. es
Question welcomed Luis Jiménez Head of the Certification Area Certification Body National Cryptologic Center National Intelligence Centre organismo. certificacion@cni. es