Common Criteria - Site Certification Services


Introduction

The development and production sites of IT products can be evaluated and certified separately pursuant to the Common Criteria. 

The operator of such a site can make an application at Germany's Federal Office for Information Security (German: Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI) to have a site certified pursuant to CC. Such site certification occurs, as a rule, with a view towards reusing the results in later certification processes for IT products that are developed or produced at this location. Site certifications make synergies in the product certifications possible if, for example, different products of the same type and possibly from different developing companies are produced at one site.


The CCRA Supporting Documents

is also used in particular during the evaluation.


The consideration of a site certificate in a product certificate occurs in the scope of the product evaluation in the case of the Common Criteria Lifecycle - ALC assurance class. The particular process rules for inclusion are defined in the specific AIS documents.


Site certificates are not automatically subject to the international recognition agreements, but their inclusion in the results of a site evaluation is supported in the scope of the agreements. The certification body concerned with inclusion makes the individual decisions.


Who should apply

  1. The ICT product developer;
  2. The ICT product manufacture. i.e., Wafer Fab., Inlay and Card Production...etc.

Services

We provide but not limited to the following services to support your CC evaluation and certification: 

  1. Site security preliminary assessment with scoping;
  2. Supporting on site certification preparation and documentation, i.e.,
    • Site Security Target (SST);
    • CC life-cycle support assurance (ALC).
  3. Site certification audit support, i.e. pre-assessment, audit support.

Initiate and contact

The following information is required to initiate the service discussion: 

  1. Development or production site plan
  2. Security controls implementation 


   Contact:


   Philip KU

   philip.ku@tksg.global  PGP Public Key ]

   (PGP Fingerprint: BE11 C1CC BFE2 A3A9 4929  3D1C 10FF C3BE A51C 92F7)

Last modified: Tuesday, 13 July 2021, 4:16 PM