|
|
||||||||||||||||||||||||||
| ||||||||||||||||||||||||||
|
||||||||||||||||||||||||||
|
|
|
International > Mutual recognition
|
Mutual recognition of certificates
Norway, as a member of CCRA, recognises CC certificates issued by other certificate producing member nations of the CCRA.
The mutual recognition of Common Criteria certificates means that a certificate issued by a certificate producing certification authority will be recognised by all member countries in the CCRA, including certificate consuming members.
Certificate consuming member
Certificate consuming members in the CCRA can’t issue internationally recognised certificates, but they are free to issue national certificates. New members to the CCRA must participate as certificate consuming members for two years before they can be taken under consideration to become a certificate producing member. For a complete list of CCRA members, see the list on the official CC-portal.
Certificate producing members
Certificate producing CCRA members issue internationally recognised certificates. This means that a certificate issued by a certificate producing member automatically will be recognised by all members in the CCRA. This recognition is not the same as an approval for specific use, and should not be understood as a product recommendation. The mutual recognition means that all CCRA members will endorse the contents of the certificate and the quality of the certification. For those who intend to use certified products it is always important to study the Security Target (ST) to ensure that the product has the wanted security functionality. The ST and the Certification Report must be published for the mutual recognition to apply.
For a nation to achieve status as a certificate producing member, it is required that the member nation can demonstrate its suitability. This is assessed by the accomplishment of a shadow certification. In the shadow certification representatives from other certificate producing members will evaluate the certification body's work. Norway is recognised as a certificate producing member in the CCRA.
A list of all certificate producing members in the CCRA can be found on the official CC-portal or in the list below.
Recognised certification authorities (certificate producing members)
The following members in the CCRA can issue internationally recognised CC-certificates:
- France
Direction Centrale de la Sécurité des Systèmes d'Information - Germany
Bundesamt fur Sicherheit in der Informationstechnik - Canada
Communications Security Establishment - United Kingdom
Communications-Electronics Security Group and Department of Trade and Industry - USA
National Information Assurance Partnership (NIAP) - Australia and New Zealand
Defence Signals Directorate - Japan
National Institute of Technology and Evaluation (NITE) - the Netherlands
Netherlands National Communications Security Agency - Norway
Sertifiseringsmyndigheten for IT-sikkerhet (SERTIT) - the Republic of Korea
Korea IT Security Evaluation and Certification Scheme (KECS) - Spain
Organismo de Certificacíon de la Seguridad de las Tecnologías de la Información - Sweden
CSEC – The Swedish Certification Body for IT Security - Italy
OCSI - Organismo di Certificazione della Sicurezza Informatica - Turkey
TSE (Turkish Standards Institution) - Malaysia
CyberSecurity Malaysia
SOGIS
”Mutual Recognition Agreement of Information Technology Security Evaluation Certificates – Version 3.0”, or the SOGIS-agreement is an agreement between some europeean nations with membership in the EU or EFTA concerning mutual recognition of evaluation certificates after ITSEC or the CC standards. For the CC all evaluation levels (EAL1 - EAL7) are recognised. The latest edition of the agreement is from January 2010.
Sogis' web site.