BSI wants to inform members of the German certification scheme and users to be up to date regarding the national certification policy.
The German Common Criteria Certification Scheme of the Federal Office for Information Security (BSI), considering the ratification of the revised CCRA has determined their policy how to use collaborative Protection profiles (cPPs) in their scheme in relation to the national and European context. International mutual recognition of certificates under the terms of CCRA is based on evaluations that claim compliance to cPPs or Evaluation Assurance Levels 1 through 2. Members of SOGIS-MRA mutually recognise certificates up to and including Evaluation Assurance Level 4 or higher for defined Technical Domains.
National competent authorities are collaborating within SOG-IS MRA at European level. Hence, SOG-IS MRA is the single point of contact for all stakeholders including the Commission when it comes to IT security product certification. This group provides a neutral and objective platform to address todays trust challenge in a pragmatic, result-oriented manner. SOG-IS MRA particularly promotes so-called recommended Protection Profiles that are of interest to all members and might possibly be EU mandated. They are harmonised by all members following an endorsement procedure and therefore sustainably enforce the trust in the digital society and economy.
IT-security of products is essential in building the trust of citizens, businesses and administrations in the digital society, in particular while protection of privacy online has become a growing concern in the EU. Several EU legislations now mandate high assurance IT security product certification. The supporting PPs are developed by European Standardisation Organisations or other bodies, published as SOG-IS MRA recommended, and applied by SOG-IS MRA member schemes.
While the CCRA focuses on evaluations being fully comparable and repeatable, the SOG-IS MRA acknowledges that especially for the higher assurance levels, more evaluation effort is necessary that maximises the use of the evaluator’s skills and capabilities. This sound expertise and experience within certain product categories/technical domains is established in cooperation with industry in technical working groups and is regularly proven by a thorough and technical assessment between the SOG-IS MRA members.
Compared to the CCRA, SOG-IS MRA allows mutual recognition of a larger range of assurance levels, allowing industry to seek a certificate recognised by several countries, and at the same time achieving, when necessary, a medium or even high assurance level. SOG-IS MRA is therefore beneficial to international trade, not only for EU industry but also for non-EU product providers.
BSI will make use of international collaborative Protection Profiles as far as they fulfill the specific needs of National stakeholders or the European Community (governments, market and industry). This could imply that additional security functionality may be required and adjustments for higher assurance levels are needed.
Under the revised CCRA, certificates can only be issued against cPPs if the product exactly conforms to the security requirements as stated in the cPP, according to annex K.3 of the CCRA. This means a certificate issued under the CCRA cannot claim additional security functionality, or higher assurance components. In these cases BSI will issue two certificates based on a single evaluation for a compliant product where one will be CCRA cPP compliant and the other SOG-IS MRA compliant including the additional security requirements.
For non-cPP compliant evaluations, BSI will continue, as before and in compliance with the SOG-IS MRA, to issue certificates beyond EAL2 as appropriate and to recognise certificates at the EAL4 level, or higher for specific technical domains. Those certificates will be mutually recognised by the CCRA nations up to EAL2. If regulatory security requirements or similar strong reasons demand according assurance levels, BSI also issues certificates beyond international mutual recognition.
BSI continues its work on a Protection Profile for operating systems running on server and desktop systems. This and the accompanying extended packages are subject to a international working group. The goal is to enable product assurance according to the security needs of the markets. The assurance results from the operational environment of the systems and the need for protection of the data being processed. Operating systems are baseline technology, partly being used in sensitive areas. BSI recommends usage of appropriately certified operating systems specifically in those areas.
It is currently recommended to use the stable version 2.0 of the OS-PP. A first draft of the new version under development can be found under Collaborative Protection Profiles. In case you have interest in actively participating, please contact firstname.lastname@example.org.