SlideShare a Scribd company logo

EUCA22 Panel Discussion: Differences between lightweight certification schemes

Javier Tallón
Javier Tallón
Javier TallónSecurity Expert at jtsec Beyond IT Security

As we all know, Europe is one of the leading players in the world in terms of cybersecurity certification. The main European countries issuing certifications, such as France, the Netherlands, Germany and Spain, have created their own lightweight/Fixed-time methodologies (CPSN, BSPA, BSZ and LINCE). All of them with many similarities, but also with quite a few national differences within them. This panel discussion will open the discussion among the relevant stakeholders for European recognition of these schemes. The panel will also discuss on the future European fixed-time methodology lead by JTC13 WG3, called FITCEM, which aims to unify all European schemes into a single one. The panel will discuss the potential impact that FITCEM will have both technically and in terms of the European market to the different stakeholders (manufacturers, laboratories, certification bodies, institutional agencies, etc.).

EUCA22 Panel Discussion: Differences between lightweight certification schemes

1 of 6
Download to read offline
EUCA22 Panel Discussion: Differences between lightweight certification schemes
Panelists
ISO/IEC
19896
José Ruiz (Moderator)
Co-founder and CTO, jtsec Beyond IT Security, Spain
Helge Kreutzmann
Senior Expert Bundesamt für Sicherheit in der Informationstechnik, Germany
Philippe Magnabosco
Policy Advisor for External Standards, ANSSI, France
Maria Christofi
ITSEF COO, Oppida, France
Pablo Franco
Head of Certification Body, CCN, Spain
Petr Kazil
Security Consultant, NLNCSA, Netherlands
❑ CSPN –Certification de Sécurité de Premier Niveau
❑ BSPA –Baseline Security Product Assessment
❑ LINCE –National Essential Security Evaluation
❑ BSZ –Beschleunigte Sicherheitszertifizierung
❑ and possibly more …
❑ … and then came the “Cybersecurity Act” with 3
assurance levels.
❑ … and possible verticals using them (e.g. IACS).
The fixed-time cybersecurity certification landscape in Europe
*Information taken from the presentation INTRODUCING FITCEM (FIXED-TIME CYBERSECURITY EVALUATION
METHODOLOGY FOR ICT PRODUCTS) by Dr. Helge Kreutzmann at EUCA 2021
❑ Flexible application:
❑ All CSA evaluation assurance levels, including self-assessment
❑ Horizontals and verticals
❑ Adaptable by parameters where possible
❑ Bare minimum required by CSA shall be possible
❑ Existing methodologies (LINCE, CSPN, …) should be reproducible
❑ The workload on the developer shall be reduced where possible
❑ This might imply higher work load for evaluators
❑ Evaluator competence is important
❑ This is not a “lightweight” CEM (ISO/IEC 18045)
Design principles of EN 17640 (extract)
*Information taken from the presentation INTRODUCING FITCEM (FIXED-TIME CYBERSECURITY EVALUATION
METHODOLOGY FOR ICT PRODUCTS) by Dr. Helge Kreutzmann at EUCA 2021
EN 17640
❑ Completeness check
❑ Protection Profile / Security Target evaluation /
Review of security functionalities
❑ Development documentation
❑ Evaluation of the TOE installation
❑ Conformance testing
❑ Vulnerability review
❑ Vulnerability testing
❑ Penetration testing
❑ (Basic) crypto analysis
❑ Extended crypto analysis
Evaluation Tasks
*Information taken from the presentation INTRODUCING FITCEM (FIXED-TIME CYBERSECURITY EVALUATION
METHODOLOGY FOR ICT PRODUCTS) by Dr. Helge Kreutzmann at EUCA 2021
That’s all folks!
Ad

Recommended

Towards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationTowards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationAxel Rennoch
 
Certified Information Systems Security Professional
Certified Information Systems Security ProfessionalCertified Information Systems Security Professional
Certified Information Systems Security ProfessionalHelen Njuguna
 
Introduction to the CWA process - CRISP Final Conference
Introduction to the CWA process - CRISP Final Conference Introduction to the CWA process - CRISP Final Conference
Introduction to the CWA process - CRISP Final Conference CRISP Project
 
UNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - GuasconiUNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - GuasconiBL4CKSWAN Srl
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxJavier Tallón
 
Metholodogies and Security Standards
Metholodogies and Security StandardsMetholodogies and Security Standards
Metholodogies and Security StandardsConferencias FIST
 

More Related Content

Similar to EUCA22 Panel Discussion: Differences between lightweight certification schemes

Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 
20160826_Draft_NISTIR 8072_Eric_Jacks
20160826_Draft_NISTIR 8072_Eric_Jacks20160826_Draft_NISTIR 8072_Eric_Jacks
20160826_Draft_NISTIR 8072_Eric_JacksEric Jacks
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
MEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentationMEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentationMEDINA
 
It secuirty policy guidelines and practices
It secuirty policy guidelines and practicesIt secuirty policy guidelines and practices
It secuirty policy guidelines and practiceswaruireuben
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 
Information Society Programme - Trust & Security
Information Society Programme - Trust & SecurityInformation Society Programme - Trust & Security
Information Society Programme - Trust & SecurityFilipe Mello
 
Automation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroAutomation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroMEDINA
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?Frances Coronel
 
How Profisafe and cybersecurity enhance your Profinet/Profibus project - Pete...
How Profisafe and cybersecurity enhance your Profinet/Profibus project - Pete...How Profisafe and cybersecurity enhance your Profinet/Profibus project - Pete...
How Profisafe and cybersecurity enhance your Profinet/Profibus project - Pete...PROFIBUS and PROFINET InternationaI - PI UK
 
Network Security Monitoring - Theory and Practice
Network Security Monitoring - Theory and PracticeNetwork Security Monitoring - Theory and Practice
Network Security Monitoring - Theory and PracticeMichael Boman
 
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Seungjoo Kim
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2俠客科技
 
HSPA / HSPA+ and LTE Security Training
HSPA / HSPA+ and LTE Security TrainingHSPA / HSPA+ and LTE Security Training
HSPA / HSPA+ and LTE Security TrainingTonex
 
CRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP Project
 

Similar to EUCA22 Panel Discussion: Differences between lightweight certification schemes (20)

Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
20160826_Draft_NISTIR 8072_Eric_Jacks
20160826_Draft_NISTIR 8072_Eric_Jacks20160826_Draft_NISTIR 8072_Eric_Jacks
20160826_Draft_NISTIR 8072_Eric_Jacks
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
 
MEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentationMEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentation
 
Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...
 
Wp6 public
Wp6 publicWp6 public
Wp6 public
 
It secuirty policy guidelines and practices
It secuirty policy guidelines and practicesIt secuirty policy guidelines and practices
It secuirty policy guidelines and practices
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
 
Information Society Programme - Trust & Security
Information Society Programme - Trust & SecurityInformation Society Programme - Trust & Security
Information Society Programme - Trust & Security
 
Automation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroAutomation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in Euro
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?
 
How Profisafe and cybersecurity enhance your Profinet/Profibus project - Pete...
How Profisafe and cybersecurity enhance your Profinet/Profibus project - Pete...How Profisafe and cybersecurity enhance your Profinet/Profibus project - Pete...
How Profisafe and cybersecurity enhance your Profinet/Profibus project - Pete...
 
Network Security Monitoring - Theory and Practice
Network Security Monitoring - Theory and PracticeNetwork Security Monitoring - Theory and Practice
Network Security Monitoring - Theory and Practice
 
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
 
PCI Compliance NOT for Dummies epb 30MAR2016
PCI Compliance NOT for Dummies epb 30MAR2016PCI Compliance NOT for Dummies epb 30MAR2016
PCI Compliance NOT for Dummies epb 30MAR2016
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2
 
HSPA / HSPA+ and LTE Security Training
HSPA / HSPA+ and LTE Security TrainingHSPA / HSPA+ and LTE Security Training
HSPA / HSPA+ and LTE Security Training
 
CRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approach
 
02 sasaran kendali pencapaian tujuan v05
02 sasaran kendali pencapaian tujuan v0502 sasaran kendali pencapaian tujuan v05
02 sasaran kendali pencapaian tujuan v05
 

More from Javier Tallón

Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIEvolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIJavier Tallón
 
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Javier Tallón
 
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?Javier Tallón
 
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNJavier Tallón
 
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...Javier Tallón
 
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfEUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfJavier Tallón
 
Evolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaEvolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaJavier Tallón
 
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...Javier Tallón
 
EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045Javier Tallón
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Javier Tallón
 
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?Javier Tallón
 
Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Javier Tallón
 
CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2Javier Tallón
 
2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...Javier Tallón
 
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...Javier Tallón
 
Automating Common Criteria
Automating Common Criteria Automating Common Criteria
Automating Common Criteria Javier Tallón
 
CCCAB - Making CABs life easy
CCCAB -  Making CABs life easyCCCAB -  Making CABs life easy
CCCAB - Making CABs life easyJavier Tallón
 
ICCC21 2021 statistics report
ICCC21 2021 statistics reportICCC21 2021 statistics report
ICCC21 2021 statistics reportJavier Tallón
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationJavier Tallón
 

More from Javier Tallón (20)

Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIEvolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio II
 
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
 
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?
 
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCN
 
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...
 
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfEUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
 
Hacking your jeta.pdf
Hacking your jeta.pdfHacking your jeta.pdf
Hacking your jeta.pdf
 
Evolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaEvolucionado la evaluación Criptográfica
Evolucionado la evaluación Criptográfica
 
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
 
EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...
 
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
 
Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?
 
CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2
 
2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...
 
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
 
Automating Common Criteria
Automating Common Criteria Automating Common Criteria
Automating Common Criteria
 
CCCAB - Making CABs life easy
CCCAB -  Making CABs life easyCCCAB -  Making CABs life easy
CCCAB - Making CABs life easy
 
ICCC21 2021 statistics report
ICCC21 2021 statistics reportICCC21 2021 statistics report
ICCC21 2021 statistics report
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentation
 

Recently uploaded

Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxEvolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxKyle Willson
 
Bringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxBringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxMaarten Balliauw
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch TuesdayIvanti
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringMassimo Talia
 
Put a flag on it. A busy developer's guide to feature toggles.
Put a flag on it. A busy developer's guide to feature toggles.Put a flag on it. A busy developer's guide to feature toggles.
Put a flag on it. A busy developer's guide to feature toggles.Mateusz Kwasniewski
 
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdfZ-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdfDomotica daVinci
 
M.Aathiraju Self Intro.docx-AD21001_____
M.Aathiraju Self Intro.docx-AD21001_____M.Aathiraju Self Intro.docx-AD21001_____
M.Aathiraju Self Intro.docx-AD21001_____Aathiraju
 
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Adrian Sanabria
 
Azure Migration Guide for IT Professionals
Azure Migration Guide for IT ProfessionalsAzure Migration Guide for IT Professionals
Azure Migration Guide for IT ProfessionalsChristine Shepherd
 
zigbee motion sensor user manual NAS-PD07B2.pdf
zigbee motion sensor user manual NAS-PD07B2.pdfzigbee motion sensor user manual NAS-PD07B2.pdf
zigbee motion sensor user manual NAS-PD07B2.pdfDomotica daVinci
 
5 Things You Shouldn’t Do at Salesforce World Tour Sydney 2024!
5 Things You Shouldn’t Do at Salesforce World Tour Sydney 2024!5 Things You Shouldn’t Do at Salesforce World Tour Sydney 2024!
5 Things You Shouldn’t Do at Salesforce World Tour Sydney 2024!XfilesPro
 
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdfLLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdfThomas Poetter
 
Importance of magazines in education ppt
Importance of magazines in education pptImportance of magazines in education ppt
Importance of magazines in education pptsafnarafeek2002
 
Artificial-Intelligence-in-Marketing-Data.pdf
Artificial-Intelligence-in-Marketing-Data.pdfArtificial-Intelligence-in-Marketing-Data.pdf
Artificial-Intelligence-in-Marketing-Data.pdfIsidro Navarro
 
My self introduction to know others abut me
My self  introduction to know others abut meMy self  introduction to know others abut me
My self introduction to know others abut meManoj Prabakar B
 
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre..."Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...shaiyuvasv
 
Heltun_HE-RS01_User_Manual_B9AH.pdf
Heltun_HE-RS01_User_Manual_B9AH.pdfHeltun_HE-RS01_User_Manual_B9AH.pdf
Heltun_HE-RS01_User_Manual_B9AH.pdfMarielaL5
 
Introduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxIntroduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxBrandon Minnick, MBA
 
Journey of Television in World & in India
Journey of Television in World & in IndiaJourney of Television in World & in India
Journey of Television in World & in IndiaAdarshAgarwal66
 

Recently uploaded (20)

Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxEvolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
 
Bringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxBringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptx
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineering
 
Put a flag on it. A busy developer's guide to feature toggles.
Put a flag on it. A busy developer's guide to feature toggles.Put a flag on it. A busy developer's guide to feature toggles.
Put a flag on it. A busy developer's guide to feature toggles.
 
5 Tech Trend to Notice in ESG Landscape- 47Billion
5 Tech Trend to Notice in ESG Landscape- 47Billion5 Tech Trend to Notice in ESG Landscape- 47Billion
5 Tech Trend to Notice in ESG Landscape- 47Billion
 
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdfZ-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
 
M.Aathiraju Self Intro.docx-AD21001_____
M.Aathiraju Self Intro.docx-AD21001_____M.Aathiraju Self Intro.docx-AD21001_____
M.Aathiraju Self Intro.docx-AD21001_____
 
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
 
Azure Migration Guide for IT Professionals
Azure Migration Guide for IT ProfessionalsAzure Migration Guide for IT Professionals
Azure Migration Guide for IT Professionals
 
zigbee motion sensor user manual NAS-PD07B2.pdf
zigbee motion sensor user manual NAS-PD07B2.pdfzigbee motion sensor user manual NAS-PD07B2.pdf
zigbee motion sensor user manual NAS-PD07B2.pdf
 
5 Things You Shouldn’t Do at Salesforce World Tour Sydney 2024!
5 Things You Shouldn’t Do at Salesforce World Tour Sydney 2024!5 Things You Shouldn’t Do at Salesforce World Tour Sydney 2024!
5 Things You Shouldn’t Do at Salesforce World Tour Sydney 2024!
 
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdfLLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
 
Importance of magazines in education ppt
Importance of magazines in education pptImportance of magazines in education ppt
Importance of magazines in education ppt
 
Artificial-Intelligence-in-Marketing-Data.pdf
Artificial-Intelligence-in-Marketing-Data.pdfArtificial-Intelligence-in-Marketing-Data.pdf
Artificial-Intelligence-in-Marketing-Data.pdf
 
My self introduction to know others abut me
My self  introduction to know others abut meMy self  introduction to know others abut me
My self introduction to know others abut me
 
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre..."Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
 
Heltun_HE-RS01_User_Manual_B9AH.pdf
Heltun_HE-RS01_User_Manual_B9AH.pdfHeltun_HE-RS01_User_Manual_B9AH.pdf
Heltun_HE-RS01_User_Manual_B9AH.pdf
 
Introduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxIntroduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptx
 
Journey of Television in World & in India
Journey of Television in World & in IndiaJourney of Television in World & in India
Journey of Television in World & in India
 

EUCA22 Panel Discussion: Differences between lightweight certification schemes

  • 2. Panelists ISO/IEC 19896 José Ruiz (Moderator) Co-founder and CTO, jtsec Beyond IT Security, Spain Helge Kreutzmann Senior Expert Bundesamt für Sicherheit in der Informationstechnik, Germany Philippe Magnabosco Policy Advisor for External Standards, ANSSI, France Maria Christofi ITSEF COO, Oppida, France Pablo Franco Head of Certification Body, CCN, Spain Petr Kazil Security Consultant, NLNCSA, Netherlands
  • 3. ❑ CSPN –Certification de Sécurité de Premier Niveau ❑ BSPA –Baseline Security Product Assessment ❑ LINCE –National Essential Security Evaluation ❑ BSZ –Beschleunigte Sicherheitszertifizierung ❑ and possibly more … ❑ … and then came the “Cybersecurity Act” with 3 assurance levels. ❑ … and possible verticals using them (e.g. IACS). The fixed-time cybersecurity certification landscape in Europe *Information taken from the presentation INTRODUCING FITCEM (FIXED-TIME CYBERSECURITY EVALUATION METHODOLOGY FOR ICT PRODUCTS) by Dr. Helge Kreutzmann at EUCA 2021
  • 4. ❑ Flexible application: ❑ All CSA evaluation assurance levels, including self-assessment ❑ Horizontals and verticals ❑ Adaptable by parameters where possible ❑ Bare minimum required by CSA shall be possible ❑ Existing methodologies (LINCE, CSPN, …) should be reproducible ❑ The workload on the developer shall be reduced where possible ❑ This might imply higher work load for evaluators ❑ Evaluator competence is important ❑ This is not a “lightweight” CEM (ISO/IEC 18045) Design principles of EN 17640 (extract) *Information taken from the presentation INTRODUCING FITCEM (FIXED-TIME CYBERSECURITY EVALUATION METHODOLOGY FOR ICT PRODUCTS) by Dr. Helge Kreutzmann at EUCA 2021 EN 17640
  • 5. ❑ Completeness check ❑ Protection Profile / Security Target evaluation / Review of security functionalities ❑ Development documentation ❑ Evaluation of the TOE installation ❑ Conformance testing ❑ Vulnerability review ❑ Vulnerability testing ❑ Penetration testing ❑ (Basic) crypto analysis ❑ Extended crypto analysis Evaluation Tasks *Information taken from the presentation INTRODUCING FITCEM (FIXED-TIME CYBERSECURITY EVALUATION METHODOLOGY FOR ICT PRODUCTS) by Dr. Helge Kreutzmann at EUCA 2021