International Security Certification Initiative (ISCI)

T

he International Security Certification Initiative (ISCI) is the EUCC ISAC group tasked with generating interpretation documents for Common Criteria certification (ISO 15408) of Security IC products (Smartcard and similar devices). ISCI is tasked with supporting the interpretation of the Common Criteria, with respect to Security IC domain (both HW and SW) security certifications. ISCI outputs documentation to enable ease of use of the Common Criteria for its members, to ensure certifications are optimized, clear, and concise. To also ensure that CC certifications are executed using the same criteria and analysis techniques across the Security IC certification domain.

ISCI develops, maintains, and continuously enhances the documentation used in the certification of security IC hardware, as well as embedded security firmware and software.

This work includes the harmonization of Common Criteria certifications above EAL4 (AVA_VAN.5, ALC_DVS.2) within EUCC:

  • Generation of Protection Profiles
  • Attack Method Catalogue
  • Methodology for composite certifications
  • Minimum Site Security Requirements

ISCI will define, support and promote a common framework for certifications based on the Common Criteria standard for high assurance levels (> EAL 4 with AVA_VAN.4/AVA_VAN.5)

Involve all pertinent actors of the certification eco-system with the goal to share experience, to improve and to harmonise activities within the EUCC community.

  • A common understanding and optimized application of the CEM methodology
  • Harmonization of evaluation methods enabling mutual recognition
  • Production and reuse of product certificates for composite evaluations
  • Production and reuse of site audit results (STAR) for product evaluations
  • Testing new evaluation practices within trial use period

Embracing global experts from European Cyber Security Frameworks, ISCI includes certification bodies, security certification schemes, evaluation facilities, developers, and end users. The group contributes to the security community by publishing and consulting on certification methodology and its interpretation.

Terms of Reference:

to be updated

Technical Group leaders:

Gordon Caffrey, TrustCB
Chairman

Jan Eichholz, G+D
Vice-chairman