General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology (The 12th Edition), November 1, 2014

TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 1/43

(Tentative Translation)

Accreditation - Department - TIRP21
ASNITE Test IT Publication Document

General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology
(The 12th Edition)
November 1, 2014

International Accreditation Japan
National Institute of Technology and Evaluation

- Table of Contents -

PART 1 GENERAL RULES
  PURPOSE
  SCOPE
  NORMATIVE REFERENCES
  DEFINITIONS

PART 2 GENERAL REQUIREMENTS FOR EVALUATION FACILITIES (ACCREDITATION SCOPE: INFORMATION TECHNOLOGY - COMMON CRITERIA EVALUATION)
  GENERAL
  SCOPE OF MANAGEMENT SYSTEM (ISO/IEC CLAUSE 4.1.3)
  ORGANIZATION (ISO/IEC CLAUSES 4.1.4, B), D))
  SUB-CONTRACTING (ISO/IEC CLAUSES 4.5.1, )
  TECHNICAL RECORDS (ISO/IEC CLAUSE )
  INTERNAL AUDITS (ISO/IEC CLAUSES )
  MANAGEMENT REVIEW (ISO/IEC CLAUSES 4.15)
  COMPETENCE AND QUALIFICATION OF PERSONNEL (ISO/IEC CLAUSES H), AND 5.2.1)
  EDUCATION / TRAINING OF PERSONNEL (ISO/IEC CLAUSE 5.2.2)
  MANAGEMENT OF PERSONNEL (ISO/IEC CLAUSE 5.2.3, AND 5.2.5)
  FACILITY AND ENVIRONMENTAL CONDITION (ISO/IEC CLAUSES 4.1.5C) AND 5.3)
  EVALUATION METHODS (ISO/IEC CLAUSE 5.4.1)
  NON-STANDARD METHODS (ISO/IEC CLAUSE 5.4.4)
  VALIDATION OF METHODS (ISO/IEC CLAUSE )
  ESTIMATION OF UNCERTAINTY OF MEASUREMENT (ISO/IEC CLAUSE 5.4.6)
  POSSESSION OF EQUIPMENT (ISO/IEC CLAUSE 5.5.1, 5.5.2)
  MEASUREMENT TRACEABILITY (ISO/IEC CLAUSE 5.6)
  HANDLING AND IDENTIFYING OF EVALUATION ITEMS (ISO/IEC CLAUSE 5.8.2, 5.8.4)
  GENERAL REQUIREMENTS FOR REPORTING THE RESULTS (ISO/IEC CLAUSE )
  EVALUATION TECHNICAL REPORTS (ISO/IEC CLAUSES , AND )

PART 3 GENERAL REQUIREMENTS FOR TESTING LABORATORIES (ACCREDITATION SCOPE: INFORMATION TECHNOLOGY - CRYPTOGRAPHIC MODULE TESTING)
  GENERAL
  SCOPE OF MANAGEMENT SYSTEM (ISO/IEC CLAUSE 4.1.3)
  ORGANIZATION (ISO/IEC CLAUSES 4.1.4, 4.1.5, NIST HB )
  MANAGEMENT SYSTEM (ISO/IEC CLAUSES 4.2.1, NIST HB )
  REVIEW OF REQUESTS TENDERS AND CONTRACTS (ISO/IEC CLAUSE , 4.4.3)
  SUBCONTRACTING ISO/IEC CLAUSE (NIST HB )
  TECHNICAL RECORDS (ISO/IEC CLAUSE , )
  INTERNAL AUDITS (ISO/IEC CLAUSE , NIST HB )
  MANAGEMENT REVIEW (ISO/IEC CLAUSE , NIST HB )
  COMPETENCE AND QUALIFICATION OF PERSONNEL (ISO/IEC CLAUSES 4.1.5H) AND 5.2.1, 5.2.3)
  EDUCATION / TRAINING OF PERSONNEL (ISO/IEC CLAUSE 5.2.2)
  FACILITY AND ENVIRONMENTAL CONDITION (ISO/IEC CLAUSES 4.1.5C) AND 5.3)
  TEST METHODS (ISO/IEC CLAUSE 5.4.1)
  NON-STANDARD METHODS (ISO/IEC CLAUSE 5.4.4)
  VALIDATION OF METHODS (ISO/IEC CLAUSE )
  ESTIMATION OF UNCERTAINTY OF MEASUREMENT (ISO/IEC CLAUSE 5.4.6)
  POSSESSION OF EQUIPMENT (ISO/IEC CLAUSE 5.5.1)
  MAINTENANCE OF EQUIPMENT AND CALIBRATION (ISO/IEC CLAUSE 5.5.1, 5.5.2, 5.5.3)
  MEASUREMENT TRACEABILITY (ISO/IEC CLAUSE 5.6)
  HANDLING OF TEST ITEMS AND THEIR IDENTIFICATION (ISO/IEC CLAUSE 5.8.1)
  HANDLING AND STORAGE OF TEST ITEMS (ISO/IEC CLAUSE 5.8.2, 5.8.4)
  REPORTING THE RESULTS (ISO/IEC CLAUSE )
  TEST REPORTS (ISO/IEC CLAUSES , AND )

PART 4 GENERAL REQUIREMENTS FOR SYSTEM LSI PENETRATION TESTING LABORATORIES (ACCREDITATION SCOPE: INFORMATION TECHNOLOGY SYSTEM LSI PENETRATION TESTING)
  GENERAL
  SCOPE OF MANAGEMENT SYSTEM (ISO/IEC CLAUSE 4.1.3)
  INTERNAL AUDITS (ISO/IEC CLAUSE )
  COMPETENCE AND QUALIFICATION OF PERSONNEL (ISO/IEC CLAUSES 4.1.5H) AND 5.2.1)
  EDUCATION / TRAINING OF PERSONNEL (ISO/IEC CLAUSE 5.2.2)
  TECHNICAL RECORDS (ISO/IEC CLAUSE )
  FACILITY AND ENVIRONMENTAL CONDITION (ISO/IEC CLAUSES 4.1.5C) AND 5.3)
  TEST METHODS (ISO/IEC CLAUSE 5.4.1)
  NON-STANDARD METHODS (ISO/IEC CLAUSE 5.4.4)
  ESTIMATION OF UNCERTAINTY OF MEASUREMENT (ISO/IEC CLAUSE 5.4.6)
  POSSESSION OF EQUIPMENT (ISO/IEC CLAUSE 5.5.1)
  MAINTENANCE OF EQUIPMENT (ISO/IEC CLAUSES 5.5.2, AND 5.5.3)
  MEASUREMENT TRACEABILITY (ISO/IEC CLAUSE 5.6)
  REPORTING THE RESULTS (ISO/IEC CLAUSE )
  TEST REPORTS (ISO/IEC CLAUSES , AND )

PART 5 MISCELLANEOUS OBLIGATIONS
  NECESSARY PROCEDURE FOR ACCREDITATION APPLICATION
  PERIODIC CONFIRMATION OF TECHNICAL COMPETENCE
  NOTIFICATION OF CHANGE
  PROHIBITING OF CERTIFICATION WORK IN ACCORDANCE WITH THE STANDARDS TO BE USED FOR ACCREDITATION (IAF-ILAC JGA 2007 SYDNEY RESOLUTION 7)
  OBLIGATIONS OF THE CABS (IAF-ILAC-A5:11/2013 M8.1.1E))
  NOTIFICATION OF SUCCESSION
  CONTRACT ASSESSMENT
  NOTIFICATION OF ABOLISHMENT
  SUSPENSION OF ACCREDITATION
  WITHDRAWAL OF ACCREDITATION
  REQUIREMENTS FOR HANDLING OF ACCREDITATION SYMBOL

SUPPLEMENTARY PROVISION

ANNEX

General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology

Part 1 General Rules

1.1 Purpose

This rule prescribes the requirements that laboratories performing a Common Criteria Evaluation, a Cryptographic Module Testing or a System LSI penetration testing must meet when applying for accreditation, and that accredited testing laboratories must meet to maintain their accreditation status, in the Accreditation System of National Institute of Technology and Evaluation (hereinafter referred to as "ASNITE") organized by the International Accreditation Japan (hereinafter referred to as "accreditation body") of National Institute of Technology and Evaluation (hereinafter referred to as "NITE").

1.2 Scope

This regulation is applied to the laboratory which seeks to have an accreditation of ASNITE (hereinafter referred to as "applicant") and the laboratory accredited for ASNITE (hereinafter referred to as "accredited laboratory").

The accreditation scopes of the laboratory to which this rule is applied are specified in the following table.

| Accreditation Scope    |                                |                               | Cf. in Certification Scheme          |
| Information Technology | Common Criteria Evaluation     | Software                      | Evaluation Facility in JISEC (Note 1) |
|                        |                                | Hardware (smart card etc.)    |                                      |
|                        | Cryptographic Module Testing   | Cryptographic Software module | Testing Laboratory in JCMVP (Note 2) |
|                        |                                | Cryptographic Hardware module |                                      |
|                        | System LSI penetration testing |                               |                                      |

(Note 1) JISEC: Japan Information Technology Security Evaluation and Certification Scheme
(Note 2) JCMVP: Japan Cryptographic Module Validation Program

The requirements for the accreditation of ASNITE will become clearer when this rule is read together with the following rules, issued by Information-technology Promotion Agency, Japan (hereinafter referred to as "IPA"). These rules and their relevant procedures can be downloaded via the following IPA web site. (Note 3)

(Note 3) Please be advised that the URLs may change when the organizations disclosing the information reorganize their websites.

(1) Basic Regulation of Japan Information Technology Security Evaluation and Certification Scheme (CCS-01)
(2) Requirements for approval of Information Technology Security Evaluation Facility (CCM-03)
(3) Basic Regulation of Japan Cryptographic Module Validation Program (JCM-01)
(4) Regulation about application procedure for approval of Cryptographic Module Testing Laboratory (CBM-03)

1.3 Normative References

This rule refers to the latest version of the following international standards, Japanese Industrial Standards and other related documents, except where a specific version is stated. These international standards may be replaced by the Japanese Industrial Standards provided that they were prepared through translation of those international standards without changing the technical content and the format of the standard.

(1) ISO/IEC Conformity Assessment - Vocabulary and general principles
(2) ISO/IEC General requirements for the competence of testing and calibration laboratories
(3) ISO/IEC Conformity assessment - General requirements for accreditation bodies accrediting conformity assessment bodies
(4) ISO/IEC Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
(5) ISO/IEC Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components
(6) ISO/IEC Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components
(7) ISO/IEC Information technology - Security techniques - Methodology for IT security evaluation
(8) ISO/IEC 19790:2006 Information technology - Security techniques - Security requirements for cryptographic modules
(9) ISO/IEC 24759:2008 Information technology - Security techniques - Test requirements for cryptographic modules
(10) IAJapan Policy on Traceability of Measurement (URP23)
(11) IAJapan Policy on Proficiency Testing (URP24)
(12) Requirements for approval of Information Technology Security Evaluation Facility (CCM-03)
(13) NIST HAND BOOK National Voluntary Laboratory Accreditation Program Cryptographic and Security Testing (NIST HB )
The latest version of this document can be downloaded via the following website

Definitions

ASNITE Testing Laboratories of Information Technology: One of the ASNITE accreditation programs, for accrediting Evaluation Facility (1.4.6), CM Testing Laboratory (1.4.7) and Penetration Testing Laboratory (1.4.8).

CC Certification Body: means the certification body of IPA which carries out certification for the evaluation of TOE and PP and examination for the evaluation of ST, in accordance with JISEC. CC Certification Body certifies TOE and PP and confirms ST by verifying conformity to IT security evaluation criteria specified in clause based on the evaluation technical report, etc. submitted by the evaluation facility specified in clause

CM Certification Body: means the certification body of IPA which certifies the cryptographic module in accordance with JCMVP. CM Certification Body certifies the cryptographic module and examines the result of the cryptographic algorithm testing by verifying conformity to the security requirements for the cryptographic module as specified in clause based on the test reports, etc. submitted by the CM testing laboratory as specified in clause

CMVP: Cryptographic Module Validation Program. CMVP was established by NIST (National Institute of Standards and Technology)/ITL (Information Technology Laboratory). It is a certification program jointly organized by the U.S. and Canadian governments and run by NIST/ITL and CSEC (Communications Security Establishment Canada).

NVLAP: National Voluntary Laboratory Accreditation Program. To be an authorized testing body for CMVP, accreditation granted by NVLAP is required. In case the applicant seeks joint certification under JCMVP and CMVP, the applicant is required to be granted accreditation by either ASNITE IT or NVLAP.

Evaluation Facility: means the accredited laboratory whose accreditation scope is a common criteria evaluation. The evaluation facility evaluates TOE, PP, etc.

CM Testing Laboratory: means the accredited laboratory whose accreditation scope is a cryptographic module testing.
The CM testing laboratory tests the cryptographic module and the cryptographic algorithm by use of the cryptographic algorithm test tool rented from the CM Certification Body.

Penetration Testing Laboratory: means the accredited laboratory whose accreditation scope is a System LSI penetration testing. The penetration testing laboratory mainly performs the System LSI penetration tests relevant to AVA_VAN based on Common Criteria Support documents for Smartcards and their related documents as a part of a common criteria hardware evaluation.

IT Security Evaluation Criteria: are criteria to be used for the common criteria evaluation and mean the following (hereinafter referred to as "CC", including the supplementary documents specified in clause except the case when these supplementary documents are explicitly set apart from the following documents).
(1) ISO/IEC , ISO/IEC and ISO/IEC
(2) Common Criteria for Information Technology Security Evaluation
    1) Part 1: Introduction and general model
    2) Part 2: Security functional components
    3) Part 3: Security assurance components
(3) Translated document in clause (2) above published by CC Certification Body. In the case of use of the translated document, if some terms used in the translated document are different from those used in JIS, please refer to the comparison table attached to the translated document. This document can be downloaded via the following website

Interpretation of IT Security Evaluation Criteria: is an interpretation published by CC Certification Body, which shall be used together with IT security evaluation criteria.

IT Security Evaluation Method: are methodologies to be used for the common criteria evaluation and mean the following (hereinafter referred to as "CEM", including the supplementary documents specified in clause except the case when these supplementary documents are explicitly set apart from the following documents).
(1) ISO/IEC
(2) Common Methodology for Information Technology Security Evaluation
(3) The translated document in clause (2) above published by CC Certification Body. In the case of use of the translated document, if some terms used in the translated document are different from those used in JIS, please refer to the comparison table attached to the translated document. This document can be downloaded via the following website

Interpretation of IT Security Evaluation Method: means an interpretation published by CC Certification Body, which shall be used together with IT Security Evaluation Method.

CC supportive documents: the documents published by CCRA which prescribe how to apply the evaluation criteria and evaluation method to the specific techniques of certification relevant to the process of a common criteria certification. The documents mainly concern evaluation/certification of Smartcards and are applicable to a common criteria hardware evaluation/certification and a System LSI attack testing.
This document can be downloaded via the following website

Sponsor: means the party who applies for the common criteria evaluation and certification based on JISEC.

Cryptographic module: means the hardware, the software, the firmware and/or the integration of them which has a cryptographic module security function (a cryptographic algorithm having a moving mode) approved by CM Certification Body and performs encryption within the physical cryptographic boundary explicitly predefined.

Security requirements for cryptographic module: are security requirements for the cryptographic module and its cryptographic algorithm, which mean the following:
(1) ISO/IEC
(2) JIS X
(3) Documents equivalent to those as specified in clause(s) (1) published by CM Certification Body. The documents are available at the following website.
(4) Federal Information Processing standards (FIPS) and its succeeding version

The documents are available at the following website

Test requirements for cryptographic module: are test requirements for the cryptographic module and its cryptographic algorithm, which mean the following:
(1) ISO/IEC
(2) JIS X
(3) Documents equivalent to those as specified in clause(s) (1) published by CM Certification Body. The documents are available at the following website.
(4) Derived Test Requirements (DTR) for Federal Information Processing standards (FIPS) and its succeeding version. The documents are available at the following website

Test requirements for cryptographic algorithm: are requirements for the cryptographic algorithm testing carried out as a part of the cryptographic module testing, which mean the following:
(1) The document published by CM Certification Body (ATR-01). The documents are available at the following website.
(2) Cryptographic Algorithm validation testing for FIPS-approved and/or NIST-recommended security functions prescribed in Annex to FIPS. The documents are available at the following website

Operation guidance
(1) JCMVP operation guidance published by CM Certification Body. The documents are available at the following website.
(2) Operation guidance for FIPS and its succeeding documents and for Cryptographic Module Validation Program. The documents are available at the following website

Proficiency artifact testing: A test performed, at the initial assessment of accreditation for a CM Testing Laboratory, using the simulated cryptographic module co-developed by the CM Certification Body with CMVP.

Verification: means to confirm compliance with the requirements of the regulation by the inspection and the presentation of the proof.

For the purpose of this document, the terms mentioned above and the appropriate definitions among those specified in ISO/IEC 15408, ISO/IEC 17000, ISO/IEC and ISO/IEC shall be applied.

Part 2 General Requirements for Evaluation Facilities (Accreditation Scope: Information Technology - Common Criteria Evaluation)

2.1 General

The accreditation body shall apply appropriate clauses of ISO/IEC to the applicants and the evaluation facilities (hereinafter referred to as "evaluation bodies") as general requirements for the accreditation of ASNITE (the accreditation scope: Information Technology - Common Criteria Evaluation).

The accreditation body shall make the regulations specified in the Part 2 herein a policy of applying general requirements based on the regulations in clause

The evaluation bodies should operate their management system based on their management system documents, including reference to Requirements for approval of Information Technology Security Evaluation Facility (CCM-03).

Special requirements for accreditation of multi-site applicant/accredited organizations, attached to this document as Annex 1, shall be applied when the evaluation bodies seek to be granted accreditation for multiple-site facilities as a whole.

2.2 Scope of Management System (ISO/IEC clause 4.1.3)

The evaluation bodies shall specify their scope in the management system (the quality manual, etc.). Particularly, the scope subject to accreditation shall be one of the following (1) through (4). When an evaluator has been granted qualification by CC Certification Body for security components other than the following, the granted security component can be added to the scope of accreditation on an application basis. ALC_FLR.n (n = 1, 2, 3) can be added to the scope of software evaluation. ALC_DVS.2, AVA_VAN.4 and/or AVA_VAN.5 can be added to the scope of hardware evaluation (Smartcards etc.).
(1) Class APE, EAL 1 and EAL 2
(2) Class APE, EAL 1, EAL 2 and EAL 3
(3) Class APE, EAL 1, EAL 2, EAL 3 and EAL 4
(4) Class APE, EAL 1, EAL 2, EAL 3, EAL 4 and EAL

Organization (ISO/IEC clauses 4.1.4, b), d))

The evaluation bodies shall establish and maintain policies and procedures for maintaining impartiality and integrity in the conduct of common criteria evaluation. The policies and procedures may include, but are not limited to, the following:
(1) In principle, the evaluation bodies shall not perform any services which may influence the result of evaluation, such as consulting service relevant to the subjects provided for evaluation (including PP, ST, TOE and the developer generated documents). In case the evaluation body is part of a parent organization which performs activities other than the evaluation activity, and those activities may influence results of evaluation, the body shall identify the activities and maintain a strict separation between the activities and the evaluation activity.

(2) The evaluation bodies shall ensure that personnel who are currently providing or have previously provided consulting services to the subject cannot perform evaluation of the corresponding subject.
(3) The evaluation bodies shall ensure that no interest exists between the personnel in charge of evaluation and the division of TOE development (or the division providing supportive service) of the subject.

2.4 Sub-contracting (ISO/IEC clauses 4.5.1, )

The evaluation bodies may sub-contract part of their work to subcontractor(s). If subcontracting is used, the bodies shall confirm that their subcontractor fulfills the evaluation criteria (CC) and the relevant requirements of ISO/IEC and has reliable competence. The bodies shall maintain records of confirmation. This confirmation can be excluded when the subcontractor used is granted accreditation by ILAC-MRA signatories. Using a subcontractor for penetration testing is permitted only to evaluation bodies which have been granted, or have applied to be granted, accreditation in the scope of CC evaluation (hardware) in accordance with clause 2.2 of this document.

NOTE: The evaluation bodies shall fulfill the requirements listed below when their evaluation report includes the evaluation results and/or test results performed by their subcontractor:
(1) state, on the page where the licensed accreditation symbol is indicated, that the report includes the results performed by the subcontractor; and
(2) clearly distinguish the results performed by the subcontractor from other results.

2.5 Technical Records (ISO/IEC clause )

Technical records can be traced to ensure that the evaluation has been performed in accordance with CEM action elements corresponding to the action elements of the CC evaluator.
Technical records shall include enough information to confirm objectively what type of evaluation was performed against each and every work unit. The records shall also include IDs of both the evaluator and the person in charge of reviewing the evaluation results. The evaluation bodies shall have a data back-up mechanism to avoid falsification and elimination of data. The evaluation bodies shall set an appropriate retention period for the technical records, considering the Sponsor's retention period of materials, etc.

NOTE: It may be a good practice to retain for 5 years considering the use condition of TOE evaluated in the market.

2.6 Internal Audits (ISO/IEC clauses )

In the case where only one member of an evaluation body staff is competent in some technical aspects of the program, or is the only expert in conducting a specific aspect of the conformance testing, an audit by an appropriate external expert shall be necessary in order to audit this technical aspect. The external expert shall be competent to perform the following points, and an audit shall include, but not be limited to:
(1) a review of documentation and instructions;
(2) adherence to procedures and instructions; and
(3) documentation of the findings of the audit.

2.7 Management Review (ISO/IEC clauses 4.15)

The applicant shall perform at least one full management review prior to the first on-site assessment. The management review shall include the review of the proficiency evaluation results. When using certification review results performed by CC Certification Body as a quality assurance, the bodies shall consider findings presented by the CC Certification Body to be treated as issues of organizational measures, and the findings and the results of consideration shall be reported to the management review.

2.8 Competence and Qualification of Personnel (ISO/IEC clauses h), and 5.2.1)

Competence of Technical Management of Evaluation bodies

(1) The technical management shall have full responsibility for technical matters of the evaluation.
(2) The technical management shall have sufficient technical knowledge for the evaluation and competence of the correct examination of the evaluation results.
(3) The technical management shall have the following knowledge and competence of doing the education/training and suitable supervising/direction to the evaluators.
    1) General requirements for IT security evaluation including preparation of the evaluation technical report
    2) Knowledge for CC
    3) Knowledge for CEM
    4) Knowledge and skills for understanding functions and/or architecture of evaluation subjects and for implementing CEM actions and work units corresponding to action elements of CC evaluators appropriately
    5) Knowledge in general for information processing (Computer Security, Computer System Architecture, Programming Languages, Algorithm and Data Construction, Operating System, Database System, Network System, etc.)
(4) The personnel of the technical management shall have the knowledge and competence prescribed in (3) and shall also have knowledge and/or experience regarding development of the IT products relevant to the evaluation technique.
(5) The knowledge of (2) through (4) above, the experience, etc. should be up to date.

Competence and Qualification of Evaluators of Evaluation bodies

(1) The evaluators shall have the internal qualification for the evaluation.
(2) The evaluators shall have the knowledge specified in clause (3) and the criteria of the internal qualification shall be adequate.
(3) The evaluators should have the knowledge and should have the experience of the development of IT products, etc. or in the field for the evaluation.

Grant of Qualification by CC Certification Body

(1) The evaluation bodies shall have good results in the evaluation conducted under supervision of the CC Certification Body for the purpose of grant of the evaluators' qualification (the trial evaluation), and have one or more evaluators granted the qualification by CC Certification Body.
(2) The scope of the qualification grant in (1) mentioned above shall include all of the accreditation scope specified in clause

If the mechanism by which the evaluation body employs staff members is through contracting of personnel, any key personnel (including evaluation personnel and managerial staff) who are contractors shall be identified and listed in the evaluation body's application for accreditation. When a change in the key personnel employed through subcontracting occurs, or when the direct supervision of this category of personnel is not possible, a report shall be submitted to the accreditation body.

NOTE: Any of the above-listed changes in the personnel employed through subcontracting may affect the evaluation bodies' accreditation status.

2.9 Education / Training of Personnel (ISO/IEC clause 5.2.2)

The management of the applicants and the evaluation facilities shall have a policy and procedures for providing the education/training for the personnel including the evaluators. This education/training program shall be adequate for the evaluation work of the evaluation bodies.

The education/training program in clause shall at least focus on the matters specified in clause (3)1) through (3)4). Also, if necessary for the evaluation work, the education/training for the matters of clause (3)5) shall be carried out.
This education/training shall be periodically and deliberately carried out for the evaluators so that they can continue to perform suitable evaluations and keep up with the latest technology.

The evaluation body shall have a competency review program and procedures for the evaluation and maintenance of the competency of each staff member, and this evaluation and an observation of performance shall be conducted annually. The method of the program shall be documented as one of its quality management documents and shall be reviewed periodically. The method for confirmation of personnel competency may be by reviewing the cases of evaluation performed by personnel or by confirming the results/outcomes of education/training.

Management of Personnel (ISO/IEC clause 5.2.3, and 5.2.5)

Evaluators are engaged in one of two ways: through a contract between the organizations, or through direct employment with the evaluation body. In either case, the evaluation body shall confirm records of training of personnel and ensure their competency. The evaluation body shall accept responsibility for their evaluation results.

The evaluation body shall review the scope of internal qualifications applied when the evaluator has difficulty performing evaluations corresponding to their scope of evaluation. The evaluation body shall have procedures for displaced evaluators.

Facility and Environmental Condition (ISO/IEC clauses 4.1.5c) and 5.3)

Protection of customer's confidential information and proprietary rights

(1) The evaluation bodies themselves shall manage at least the following facilities, etc., and have the policy and procedures for protection of their customer's confidential information and proprietary rights:
    1) Facility for carrying out the evaluation (the evaluation room)
    2) Storing place of the confidential information for the evaluation
    3) Facility provided with tools for transmittal of the confidential information for the evaluation (FAX, e-mail, etc.)
    4) Facility or service for using internet to send e-mails etc. for transmittal of the confidential information for the evaluation (Facility outside the evaluation body may be excluded.)
    NOTE: (3)2), (3)3) and (3)4) mentioned above may be placed in (3)1) hereinabove, or in a different place from (3)1) hereinabove.
(2) The evaluation bodies shall have a suitable evaluation room following the requirement below.
    1) The room shall have an authentication system for entering and leaving personnel. This system should have a mechanism of identifying dates and names of all the entering and leaving personnel.
(3) The policy and procedures for the storing place should include at least the following matters:
    1) The evaluation body shall control access so that any information owned by the sponsor is inaccessible to unauthorized personnel.
    2) Not to bring out the confidential information for the evaluation, except for the unavoidable case (e.g. the case of carrying out the evaluation at the Sponsor's site, the case of communication with CC Certification Body, etc.).
    3) To dispose of the confidential information for the evaluation in an unrecoverable condition, or erase it, when it is not needed. If necessary, it shall be surely returned to the Sponsor, etc.
    (Example) Examples of disposal or erasure in an unrecoverable condition are disposal by a shredder, etc., or dissolution by a paper dissolution treatment device for paper media, and initialization or physical destruction for electronic media.
(4) The evaluation bodies shall ensure that confidential information is protected along the transmittal route, including the sending side and the receiving side, when transmitting the confidential information for the evaluation. If the protection is not ensured in part or all of the transmittal route, means of protecting the confidential information shall be taken.
    (Example) The way of the protection in the case of sending/receiving e-mail may be to include the confidential information in the attached file instead of including it in the mail text and to encrypt such attached file.
    (Example) The way of the protection in the case of sending the confidential information by FAX in an unavoidable case may be to arrange by telephone, before sending, for the receiver to wait for such information in front of the FAX machine.
(5) The evaluation bodies shall maintain the ethics regulation for protection of the sponsor's confidential information and proprietary rights.

Facility for carrying out Evaluation and its Environmental Condition

(1) When the evaluation bodies carry out the evaluation in a place other than a permanent facility (e.g. the Sponsor's site, etc.), they shall enable their environment to comply with the general requirement specified in clause 5.3 of ISO/IEC.
(2) When the evaluation bodies carry out the evaluation in an environment that an unauthorized party could possibly access, they shall control the evaluation environment in such a manner that such access is prohibited during the evaluation. The network included in such an evaluation environment shall be provided with a control mechanism, for example isolation from the external network and prohibition of access to the network by an unauthorized party, at least during the evaluation.

Evaluation Methods (ISO/IEC clause 5.4.1)

The evaluation bodies shall use CC as the evaluation criteria and CEM as the evaluation methods.

If CC and CEM cannot be used as they are for the evaluation of particular IT products or systems, the evaluation bodies shall have separate documented procedures that are consistent with the specifications of CC and CEM as appropriate.

Non-standard Methods (ISO/IEC clause 5.4.4)

The guidance documents published by CC Certification Body for application to the common criteria evaluation shall be deemed standard methods and shall not fall under the non-standard methods.

When the evaluation bodies adopt non-standard methods which are not specified in CEM, they shall without fail adopt one whose adequacy has been confirmed by CC Certification Body, based on the Sponsor's agreement, and describe its details in the evaluation technical report. The following fall under the non-standard methods:
(1) The evaluation methods for the assurance component over EAL 4 of CC Ver. 2 series
(2) Change of the standard methods (e.g. combination of standards, application of standards beyond their scope, change/expansion of a standard, etc.)

Some matters of the information of ISO/IEC clause Note a) to k) are not applicable to the common criteria evaluation.

Validation of Methods (ISO/IEC clause )

A few techniques for the determination of the performance of methods of ISO/IEC clause Note 2, such as calibration using reference standards or reference materials, may not be applicable to the common criteria evaluation.

Estimation of Uncertainty of Measurement (ISO/IEC clause 5.4.6)

ISO/IEC clause does not apply in the common criteria evaluation.

Possession of Equipment (ISO/IEC clause 5.5.1, 5.5.2)

The evaluation bodies shall document the information, components, configuration, operation procedures, etc. regarding all the equipment and test suites used for performing evaluations. They shall have responsibility for the components, configuration and manipulation of the equipment and/or test suites.

The evaluation bodies shall control the components and configurations of computers and other platforms used for evaluations. The evaluation bodies shall prescribe procedures for ensuring that all equipment (hardware and software) used is in a stable, known state.

Measurement Traceability (ISO/IEC clause 5.6)

Metrological traceability shall be applied to the equipment used for evaluation, when appropriate. When establishment of metrological traceability is required, the evaluation body shall establish it in accordance with the IAJapan Policy on Traceability of Measurement (URP23) published by IAJapan. The traceability shall also be established when subcontracting evaluation activities or part of its activities based on the requirement of clause 4.5 ISO/IEC, or when using the sponsor's equipment.

The evaluation body shall maintain all of its equipment in good condition in accordance with the recommendations of the manufacturers or with its internally documented procedures, or shall confirm that the equipment is in good condition before its use.

The evaluation body shall calibrate all of its equipment. For CC evaluation, calibration means verification that the equipment indicates the test results precisely. Test tools that are used for evaluation and are not part of the unit under evaluation shall be verified separately. The body shall maintain records of the composition, configuration and verification of its equipment.

The evaluation body shall guarantee that it can replicate an evaluation equivalent to its initial evaluation. When it is envisaged that customer-owned test tools are to be used for re-evaluation, the body shall make an agreement with the customer for duplication of the test condition.

ISO/IEC clause shall not be applicable in the common criteria evaluation.

Traceability to agreed methods specified in ISO/IEC clause shall be applicable to traceability of the whole evaluation in the common criteria evaluation. In this case, it is interpreted to mean that the evaluation activity shall be traceable to the matters stipulated as the evaluation elements in CC and the matters stipulated as the evaluator's action in CEM.
NOTE: When the evaluation activity was certified by CC Certification Body based on the evaluation of the evaluation body and its evaluation result, it is said that CC Certification Body proved that it was traceable to CC and CEM.

Handling and Identifying of Evaluation Items (ISO/IEC clause 5.8.2, 5.8.4)

The evaluation bodies shall protect the evaluation deliverables (including PP, ST, TOE, documents produced by the developers, etc.; the same meaning applies hereinafter) so that they are not unduly altered and are not used or accessed by unauthorized parties.

The evaluation bodies shall maintain a system for identifying the evaluation items so as not to confuse the individual TOE, the evaluation platform and the peripheral equipment and their related records, when they have to evaluate multiple TOEs at the same time.

General Requirements for Reporting the Results (ISO/IEC clause )

In the common criteria evaluation, the evaluation technical report shall fall under the test reports of ISO/IEC clause

The format of the evaluation technical report shall be determined by the evaluation bodies, and shall be the one notified to the accreditation body.

The evaluation bodies shall publish the evaluation technical report for the evaluation carried out. The evaluation technical report to be submitted to the Sponsors shall satisfy the necessary matters in the contract with the Sponsors and the requirements of this document. The evaluation bodies shall be able to submit the proofs supporting the results of the evaluation.

When the result of an evaluation outside of the accreditation scope (e.g. the evaluation for the assurance component over EAL 5 of CC Ver.2) is included in an evaluation technical report with the accreditation symbol attached, it shall be identified that this evaluation result is a result of an evaluation outside of the accreditation scope.

Evaluation Technical Reports (ISO/IEC clauses , and )

The evaluation bodies shall notify the accreditation body of the person who has responsibility for the issue (approval) of the evaluation technical report. The person responsible for the issue of the evaluation technical report shall sign or seal the person's name on the evaluation technical report. Also, in consideration of the absence of the person responsible for the issue of the evaluation technical report, a deputy shall be designated. (Please refer to ISO/IEC clause Note)

For the date of the evaluation of TOE, etc., all of the dates of the evaluation (a period is also allowed) or the final date of the evaluation period shall be entered.

Multiple copies of the evaluation technical report may be issued for one TOE, etc. In this case, each report needs its unique identification. Duplicates of the report shall be in accordance with the regulation specified in clause (2)

ISO/IEC clause shall not apply to the common criteria evaluation.

Part 3 General Requirements for Testing Laboratories (Accreditation Scope: Information Technology - Cryptographic Module Testing)

3.1 General

The accreditation body shall apply the relevant provisions of ISO/IEC to the applicants and the CM Testing laboratories (hereinafter referred to as "CM laboratories") as general requirements for the accreditation of ASNITE (the accreditation scope: Information Technology - Cryptographic Module Testing).

The accreditation body shall take the regulations in the Part 3 as the application policy of general requirements based on the regulations specified in clause

Scope of Management System (ISO/IEC clause 4.1.3)

The CM laboratories shall identify the scope in writing (the quality manual, etc.). Particularly for the scope subject to accreditation, they shall identify the type of test service to handle (the cryptographic module testing, the cryptographic algorithm testing and the test procedures thereof) and the type of cryptographic module to handle. The scope subject to accreditation shall be one of the following.
(1) Basic cryptographic and Security (17BCS), Cryptographic Algorithm Validation Testing (17CAV), Cryptographic Software Module Testing 1 (security level 1 to 3)
(2) Basic cryptographic and Security (17BCS), Cryptographic Algorithm Validation Testing (17CAV), Cryptographic Software Module Testing 1 (security level 1 to 3), Cryptographic Software Module Testing 2 (security level 4)
(3) Basic cryptographic and Security (17BCS), Cryptographic Algorithm Validation Testing (17CAV), Cryptographic Hardware Module Testing 1 (security level 1 to 3)
(4) Basic cryptographic and Security (17BCS), Cryptographic Algorithm Validation Testing (17CAV), Cryptographic Hardware Module Testing 1 (security level 1 to 3), Cryptographic Hardware Module Testing 2 (security level 4)
(5) Basic cryptographic and Security (17BCS), Cryptographic Algorithm Validation Testing (17CAV), Cryptographic Software Module Testing 1 (security level 1 to 3), Cryptographic Hardware Module Testing 1 (security level 1 to 3)
(6) Basic cryptographic and Security (17BCS), Cryptographic Algorithm Validation Testing (17CAV), Cryptographic Software Module Testing 1 (security level 1 to 3), Cryptographic Software Module Testing 2 (security level 4), Cryptographic Hardware Module Testing 1 (security level 1 to 3)
(7) Basic cryptographic and Security (17BCS), Cryptographic Algorithm Validation Testing (17CAV), Cryptographic Software Module Testing 1 (security level 1 to 3), Cryptographic Hardware Module Testing 1 (security level 1 to 3), Cryptographic Hardware Module Testing 2 (security level 4)
(8) Basic cryptographic and Security (17BCS), Cryptographic Algorithm Validation Testing (17CAV), Cryptographic Software Module Testing 1 (security level 1 to 3), Cryptographic Software Module Testing 2 (security level 4), Cryptographic Hardware Module Testing 1 (security level 1 to 3), Cryptographic Hardware Module Testing 2 (security level 4)

3.3 Organization (ISO/IEC clauses 4.1.4, 4.1.5, NIST HB )

The CM laboratories shall establish and maintain policies and procedures for maintaining impartiality and integrity in the conduct of cryptographic module testing. The policies and procedures may include, but are not limited to, the following:
(1) The CM laboratories shall not perform any services which may influence the result of testing, such as consulting services relevant to the subjects provided for cryptographic algorithm validation and/or cryptographic module. In case the laboratory is part of a parent organization which performs or performed activities other than the testing activity and the activities may influence the results of testing, the laboratory shall not perform any testing services for cryptographic algorithm

validation and cryptographic module testing. However, the laboratory may perform consulting services to explain test conditions and their related documents.
(2) For any other services of the laboratory's parent corporation, the laboratory shall have an explicit policy and a set of procedures for maintaining a strict separation, both physical and electronic, between the laboratory and those who may have an interest in and/or may unduly influence the testing outcome.
(3) The CM laboratory shall have no financial interest in the work performed under the present scope of accreditation other than its conformance testing and/or validation fees.
(4) The CM laboratory shall not perform conformance testing on a module for which the laboratory has designed any part of the cryptographic algorithm validation or cryptographic module, has developed original documents for any part of the cryptographic algorithm validation or cryptographic module, has built, coded or implemented any part of the cryptographic algorithm validation or cryptographic module, or has had any ownership or vested interest in the cryptographic algorithm validation or cryptographic module. The laboratory may perform cryptographic algorithm validation or cryptographic module testing when the laboratory has no ownership in the company, has management completely separated from the company, and business between the laboratory and the company is performed under contractual agreements as done with other sponsors.
(5) The CM laboratory may take existing vendor documentation for a cryptographic algorithm validation or cryptographic module (post-design and post-development) and consolidate or reformat the information (from multiple sources) into a set format. If this occurs, the validation programs shall be notified of this when the conformance test report is submitted.

3.4 Management System (ISO/IEC clauses 4.2.1, NIST HB )

The management system shall include policies and procedures to ensure the protection of proprietary information. The policies and procedures shall specify how proprietary information will be protected from persons outside the laboratory, from visitors to the laboratory, from laboratory personnel without a need to know, and from other unauthorized persons.

3.5 Review of Requests Tenders and Contracts (ISO/IEC clause , 4.4.3)

If the CM laboratory conducts testing at any selected site other than the laboratory's site accredited for conformance testing, the site shall meet all requirements pertinent to the conformance testing of the cryptographic algorithm validation or cryptographic module as the accredited testing laboratory. (NIST HB )
NOTE: The laboratory may use checklists and/or contract agreements to satisfy this requirement.

Policies for document storage and maintenance of contracts under confidentiality, nondisclosure agreements, marked as secret, or copyright protected, shall be well defined according to the document's status. These documents shall be protected commensurate with their classification and/or sensitivity, and access to them shall be given only to authorized personnel. (NIST HB )

The testing laboratory and vendor shall agree, in writing, what constitutes the cryptographic algorithm validation or cryptographic module and what constitutes the environment within the cryptographic validation. For this program, the environment includes, but is not limited to:
a) the specific test platform;
b) the test configuration; and
c) the external environment.
(NIST HB )

3.6 Subcontracting ISO/IEC clause (NIST HB )

(omitted)

3.7 Technical Records (ISO/IEC clause , )

The CM laboratory shall maintain a functional record-keeping system for each customer. Records shall be readily accessible and complete. Digital media shall be logged and properly marked, and they shall be properly and securely backed up. Entries in paper-based laboratory notebooks shall be dated and signed or initialed. (NIST HB )

Software and data protected by nondisclosure agreements or classified as confidential shall be stored according to the vendor and/or government requirements and commensurate with the data sensitivity, and access shall be granted only to the authorized personnel. An access log file shall be maintained. (NIST HB )

If a vendor's system on which testing is conducted is potentially open to access by third parties, the CM laboratory shall ensure that the testing environment is controlled so that the third parties do not gain access to that system during testing. (NIST HB )

Records of all management system activities including training, internal audits, and management reviews shall be securely saved for future reviews. The integrity of electronic documents shall be assured by means commensurate with the data sensitivity. Documents in hard copy form shall be marked and stored in a secure location and, if necessary, a file logging any access, change, or addition shall be maintained to preserve a document's integrity and prevent unauthorized changes. (NIST HB )

The CM laboratories shall maintain records of the configuration of test equipment and all analyses to ensure the suitability of test equipment to perform the desired testing. (NIST HB )

The final test results and/or the test reports generated using cryptographic or security testing tools for the cryptographic algorithm validation or cryptographic module shall be kept by the CM laboratory following the completion of testing for the life of the cryptographic algorithm validation or cryptographic module, or as specified by the validation body and/or vendor in writing. Records may include hard or digital copies of the official test results and the test results error file(s). Records shall be stored in a manner that assures survivability, confidentiality, integrity, and accessibility. (NIST HB )

A copy of the final test results and/or the test reports generated using cryptographic or security testing tools for the cryptographic algorithm validation shall be submitted to the validation program.

(NIST HB )

The CM laboratories shall determine the retention period of at least the following technical records and retain them:
(1) The records of the version and the update of the software
(2) The records for the test method and the test data
1) The records for the policy and the condition of test
2) Conformity/non-conformity of the cryptographic module submitted for test to the cryptographic module security requirements
3) The comprehensive records for traceability of the test items and the test activity
4) The copy of the test data (if appropriate, including the drawing, the test suite of the cryptographic algorithm, the photograph, the image, etc.) and the copy of the formal test reports
5) The telecommunication files including the questions from the CM laboratories to CM Certification Body and the answers thereto.

3.8 Internal Audits (ISO/IEC clause , NIST HB )

In the case where only one member of a CM laboratory staff is competent in some technical aspects of the program, or is the only expert in conducting a specific aspect of the conformance testing, an external audit by an appropriate expert shall be necessary in order to audit this technical aspect. An audit shall include, at a minimum, but not be limited to:
a) a review of documentation and instructions;
b) adherence to procedures and instructions; and
c) documentation of the audit findings.

3.9 Management Review (ISO/IEC clause , NIST HB )

The laboratory shall perform at least one full management review prior to the first on-site assessment.

Competence and Qualification of Personnel (ISO/IEC clauses 4.1.5h) and 5.2.1, 5.2.3)

Competence of Technical Management of Applicants and CM Laboratories

(1) The technical management shall have full responsibility for technical matters of the test.
(2) The technical management shall have sufficient technical knowledge for the test and the competence to evaluate the test results correctly.

Competence and Qualification of Personnel for the Test of Applicants and CM laboratories

(1) The CM laboratories shall have personnel who have enough knowledge and skills for the accredited scope, such as those who hold an academic degree in a relevant technical field (e.g. a bachelor's degree in computer science, computer engineering, electronic engineering, etc.), have successfully completed technical training equivalent to the academic degree, or have experience equivalent to the degree or to the completed training.
(2) The personnel for the test shall have the internal qualification for the test.
(3) The personnel for the test shall have the knowledge listed below and the criteria of the internal

qualification shall be adequate.
1) General requirements for the cryptographic module testing, including preparation of the test reports by using the tool licensed by the CM Certification Body for the purpose of supporting generation of the test report.
2) Knowledge regarding cryptographic module security requirements
3) Knowledge regarding cryptographic module testing requirements
4) Knowledge regarding cryptographic algorithm testing requirements
5) Knowledge regarding operational guidance/manuals.
(4) (omitted)

If the mechanism by which the CM laboratory employs staff members is through contracting of personnel, any key personnel (including evaluation personnel and managerial staff) who are contractors shall be identified and listed in the evaluation body's application for accreditation. When a change in the key personnel employed through subcontracting occurs, or when direct supervision of this category of personnel becomes impossible, a report shall be submitted to the accreditation body. (NIST HB )
NOTE: Any of the above-listed changes in the personnel employed through subcontracting may affect the accreditation status of the CM laboratory.

An individual may be assigned or appointed to serve in more than one position; however, to the extent possible, the head of the CM laboratory and the quality manager positions should be independently staffed. (NIST HB )

The quality manager shall receive management system training preferably in ISO/IEC If training is not available in ISO/IEC 17025, minimum training shall be acquired in the ISO 9000 series, especially ISO 9001, or equivalent with particular emphasis on internal auditor training. (NIST HB )

3.11 Education / Training of Personnel (ISO/IEC clause 5.2.2)

The management of the applicants and the CM laboratories shall have the policy and procedures for providing education/training for the personnel, including the personnel for the test. This education/training program shall be adequate for the test work of the applicants and the CM laboratories.

The education/training program in clause shall at least focus on the matters of clause 3.4.1(3). Also, if necessary for the test work, education/training for the matters of clause 3.4.1(4) shall be carried out. This education/training shall be carried out periodically and deliberately for the personnel for the test, so as to enable them to continue suitable testing and to keep up with the latest technology.

The personnel of the CM laboratory shall possess knowledge of, or be trained prior to accreditation on/in, the areas listed below: (NIST HB )
a) general requirements of the test methods, including generation of test reports;
b) system security concepts;
c) physical security;

d) identification and authentication technologies and techniques;
e) familiarity with cryptographic and security terminology;
f) standards compliance;
g) manipulation and maintenance of the test tools licensed by the CM Certification Body;
h) familiarity with the Internet and Internet-related software and the ability to locate and securely download references and information from a given website.

The CM laboratory shall have a competency review program and procedures for the evaluation and maintenance of the competency of each staff member for each test method the staff member is authorized to conduct. An evaluation and an observation of performance shall be conducted annually for each staff member by the immediate supervisor or a designee appointed by the laboratory director. A record of the annual evaluation of each staff member shall be dated and signed by the supervisor and the employee. (NIST HB )

If more than 60 % of the personnel that participated in the latest (re)accreditation process has left the CM laboratory, the laboratory shall inform IAJapan. IAJapan will assign a nonconformity to the laboratory due to the inability to demonstrate competence. The laboratory shall address the nonconformity through corrective and preventive actions. IAJapan reserves the right to require a reassessment if considered necessary. (NIST HB )

3.12 Facility and Environmental Condition (ISO/IEC clauses 4.1.5c) and 5.3)

Protection of customer's confidential information and proprietary rights

(1) The applicants and the CM laboratories themselves shall manage at least the following facilities, etc. and have the policy and procedures for protection of the customer's confidential information and proprietary rights:
1) Facility for carrying out the cryptographic module testing (the testing room)
2) Storing place of the confidential information for the testing
3) Facility provided with tools for transmittal of the confidential information for the testing (FAX, Electronic mail, etc.)
NOTE: 2) and 3) mentioned above may be placed in 1) hereinabove, or in a different place from 1) hereinabove. In either case, the protection of the customer's confidential information and proprietary rights shall be adequate.

(2) The CM laboratories shall have a suitable testing room required for testing from the viewpoint of security of the protection of the customer's confidential information and proprietary rights.

(3) The policy and procedures for the storing place should include at least the following matters:
1) Not to bring out the confidential information for the testing, except in unavoidable cases (e.g. the case of carrying out the test at the customer's site, the case of communication with CM Certification Body, etc.).
2) To dispose of the confidential information for the testing in an unrecoverable condition, or erase it, when it is no longer needed. If necessary, it shall be returned to the Sponsor, etc. without fail.
(Example) Examples of disposal or erasure in an unrecoverable condition are disposal by a shredder, etc., or dissolution by a paper dissolution treatment device for paper

media, and initialization or physical destruction for electronic media.

(4) The CM laboratories shall ensure that confidential information is protected along the transmittal route, including the sending side and the receiving side, when transmitting the confidential information for the cryptographic module testing. If protection is not ensured over part or all of the transmittal route, means of protecting the confidential information shall be taken.
(Example) The way of protection in the case of sending/receiving e-mail may be to include the confidential information in an attached file instead of in the mail text, and to encrypt that attached file.
(Example) The way of protection in the case of sending the confidential information by FAX in an unavoidable case may be to arrange by telephone, before sending, for the receiver to wait for the information in front of the FAX machine.

(5) The applicants and the CM laboratories shall maintain the ethics regulation for protection of the customer's confidential information and proprietary rights.

Facility for carrying out cryptographic module testing and its Environmental Condition

(1) The CM laboratories shall maintain at least the following facilities as a testing environment:
1) Environment for using electronic mail satisfying the conditions of clause (1)3)
2) Environment for use of the internet (for access to the information for the test and the list of certified products, sent by CM Certification Body)
(2) When the CM laboratories carry out the cryptographic module test in a place other than their permanent facility (e.g. the customer's site, etc.), they shall enable its environment to comply with the general requirement of ISO/IEC clause 5.3.
(3) When the applicants and the CM laboratories carry out the test in an environment that unauthorized parties could possibly access, they shall control the testing environment in such a manner that such access is prohibited during the test. The network included in such a testing environment shall be provided with a control mechanism, such as isolation from the external network or prohibition of access to the network by unauthorized parties, at least during the test. (NIST HB )

If the CM laboratory is conducting multiple simultaneous testing activities, a system of separation between cryptographic algorithm validations and cryptographic modules of different vendors and conformance testing activities shall be maintained as necessary. (NIST HB )

For all conformance testing and validations, the CM laboratory shall ensure that any file containing old results or old test programs on the cryptographic algorithm validation or cryptographic module is isolated from the current test programs and test or validation results. (NIST HB )

3.13 Test Methods (ISO/IEC clause 5.4.1)

The CM laboratories shall use the cryptographic module testing requirements, the cryptographic algorithm testing requirements and the operation guidance as test methods.

If necessary, the CM laboratories shall have separate documented procedures that are

25 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 25/43 consistent with the specifications of the cryptographic module test methods Tests may be conducted at the vendor or laboratory site or at another mutually agreed-upon site. When testing is performed at a vendor site, requirements prescribed in clause 5.3 of ISO/IEC shall apply. Only the personnel of the CM laboratory shall perform all actions necessary to conduct the tests and record the results, including the loading, compiling, configuring, and execution of any of the mandated testing tools. (NIST HB , 5.4.1) (omitted) 3.14 Non-standard Methods (ISO/IEC clause 5.4.4) The guidance documents published by the CM Certification Body for application to the cryptographic module testing shall be deemed as standard methods and not fall under the non-standard methods When the CM laboratories adopt the non-standard methods which are not specified in accordance with the methods specified in clause , they shall adopt it based on the customer s agreement without fail, and describe its details in the test reports Some matters of the information of ISO/IEC clause Note a) to k) do not apply to the cryptographic module testing/certification Validation of Methods (ISO/IEC clause ) A few techniques for the determination of the performance of methods of ISO/IEC clause Note 2 such as calibration using reference standards or reference materials may not be applicable to cryptographic module testing Estimation of Uncertainty of Measurement (ISO/IEC clause 5.4.6) ISO/IEC clause is not applicable to the cryptographic module testing Possession of Equipment (ISO/IEC clause 5.5.1) The CM laboratories shall possess the necessary equipment for the cryptographic module testing by means of purchase, lease or rental and maintain it so that they can use it at any time or before the tests being carried out. 
This equipment shall include but not be limited to the following to be used by the CM laboratories for the cryptographic module testing.
(1) Hardware
(2) Software
(3) Tools, equipment and facilities for the physical test of security
(4) Specific devices or equipment needed for employing all tests listed in the latest version of applicable standards regarding the scope of accreditation
Other testing machinery device. (NIST HB )

If the software evaluation tool or test tool is of software, the CM laboratories shall secure conformity of the said software to ISO/IEC clause

When the CM laboratories temporarily use the equipment other than the one permanently managed by the CM laboratories, including the equipment owned by customers, for the cryptographic module testing, they shall ensure conformity of the equipment to ISO/IEC clause 5.5 by making a contract with customers.

NOTE: The contract shall have a necessary and sufficient content. For example, when it is necessary to use the tool owned by the customers again for re-testing, it is sufficient to ensure re-creation of the same testing environment as that of the initial testing, and it may not be necessary for the contract to require maintenance/storage of the tool used in the initial testing.

Maintenance of Equipment and Calibration (ISO/IEC clause 5.5.1, 5.5.2, 5.5.3)

The applicants and the CM laboratories shall maintain the equipment to be used for the cryptographic module testing according to the following matters: The equipment means hardware, software, test tools and computer equipment to conduct cryptographic and security testing. (NIST HB )
(1) For tools rented from CM Certification Body, requirements of CM Certification Body
(2) Recommendation of the manufacturer
(3) Procedures documented by the applicants and the CM laboratories, if possible

The equipment used for conducting cryptographic and security testing shall be maintained in accordance with the manufacturer's recommendations and in accordance with internally documented laboratory procedures, as applicable. Test equipment refers to software and hardware products and/or other assessment mechanisms used by the laboratory to support the cryptographic and security testing of the cryptographic algorithm validation or cryptographic module. (NIST HB )

Whenever major or minor changes are made to any testing tool, a CM laboratory shall have procedures to assure the accurate execution and correct performance of the test tool.
The procedures shall include, at a minimum, the complete set of regression testing of the test tool. This is necessary to ensure that consistency is maintained, as appropriate, with other testing laboratories and that correctness is maintained with respect to the relevant standard(s) or specification(s). (NIST HB )

For a given test tool, there may be no suitable validation service available outside the CM laboratory to which accreditation is applicable, and no suitable reference implementation that could be used by the CM laboratory to validate the test tool. In this situation, the CM laboratory shall define and document the procedures and methods that it uses to check on the correct operation of the test tool, and provide evidence that these procedures and methods are applied whenever the test tool is modified. (NIST HB )

The CM laboratory shall document and follow appropriate procedures whenever a test tool is suspected or found to contain errors that make the tool defective or unfit for use. These procedures shall include establishing that there is a genuine error, reporting the error to the appropriate maintenance authority or validation body. If the conformance testing results change for a cryptographic algorithm validation or cryptographic module after correcting the test tool then the information shall be transmitted to the vendor and the CM Certification Body. (NIST HB )

The CM laboratories shall review the equipment to ensure that the testing activity will not be disturbed and integrity of the cryptographic module function in the test is not damaged in every respect. (NIST HB )

NOTE: The verification of the equipment to be used for the cryptographic module testing is a means of confirming that the difference between the value indicated by the equipment and the known value of the measurement corresponding to the equipment is always smaller than the maximum permissible difference defined by standards, statutes or the regulated specification of such equipment. As a result of verification, it is necessary to judge whether recovering the function for use, adjusting, repairing, or removing from use or disposing.

The calibration of the hardware and software shall be accomplished through: a) configuration management for all hardware and software; or b) a version control system. (NIST HB )

Records shall be kept of the date, extent of all hardware and software upgrades and updates and periods of use. (NIST HB )

(Omitted)

3.19 Measurement Traceability (ISO/IEC clause 5.6)

Metrological traceability shall be applied to the equipment used for the testing, when appropriate. When establishment of metrological traceability is required, the evaluation facility shall establish it in accordance with IAJapan Policy on Traceability of Measurement (URP23) published by IAJapan. This traceability shall also be ensured when the subcontract of the cryptographic module testing is made based on ISO/IEC clause 4.5 or when the equipment of the customers is used according to the provision in clause

ISO/IEC clause does not apply to the cryptographic module testing.

For cryptographic module testing, traceability is interpreted to mean that the validation test tools shall be traceable back to the underlying requirements of the normative standards.
This means that each abstract test case and the associated evaluation methodology are traceable to a specific cryptographic or security requirement listed in the governing documentary standard, and that the abstract test cases are achieved via the assertions and associated DTRs documented in the testing tool in use. Test results produced by the testing laboratory shall be traceable to standard test suites when appropriate, or otherwise to the applicable authoritative test suite. Thus, traceability to agreed methods specified in ISO/IEC clause shall be applicable to traceability of the whole cryptographic module testing. In this case, the agreed methods mean the cryptographic module testing requirements and the cryptographic algorithm testing requirements. (NIST HB )

NOTE: The cryptographic module testing carried out by the CM laboratories is said to be proved by the CM Certification Body to be traceable to the cryptographic module testing (and the cryptographic algorithm testing), when it is certified by the CM Certification Body based on the result of such a test.

The CM laboratory shall ensure that any test tool used to conduct cryptographic and security testing is performing properly according to the validation body specifications. The CM laboratory shall also examine to ensure that the tool does not interfere with the conduct of the test and does not modify or impact the cryptographic algorithm validation or cryptographic module. (NIST HB )

Confirmation of the use of the most current version of testing tools shall be assured before conducting a test. Records of these confirmations shall be maintained. (NIST HB )

The CM laboratories shall maintain records of the configuration of test equipment and all analyses to ensure the suitability of test equipment to perform the desired testing. (NIST HB )

If applicable, the equipment used for conducting the conformance tests shall be maintained and calibrated in accordance with the manufacturer's recommendation, as specified in the test method. (NIST HB )

For calibrations performed in-house, the reference standards used and the environmental conditions at the time of calibration shall be documented for all calibrations. Calibration records and evidence of the traceability of the reference standards used shall be made available for inspection during the on-site visit. (NIST HB )

When exceptions to the test methods are deemed necessary for technical reasons, the vendor and the CM Certification Body shall be informed and details shall be described in the test report. Documentation shall be provided on the test method exceptions taken to ensure that the correct and required precision and interpretation of the program-specific test method is maintained. When necessary, these reports may be used by the CM Certification body to update the test methods and the accompanying documentation.
The validation of a test method is the process of verifying as far as possible that the test method will produce results that are consistent with the specifications of the relevant program-specific requirements, with any relevant standards and, if applicable, with previously accepted, validated test methods. (NIST HB )

In those technical areas where there is a difference between program-specific test objectives and the testing tool's abstract test cases, the CM laboratory shall show how each realization of a test case is derived faithfully from the corresponding standards, with preservation of assignment of verdicts or measurements to the corresponding sets of observations. (NIST HB )

3.20 Handling of test items and their identification (ISO/IEC clause 5.8.1)

The CM laboratories shall protect all cryptographic algorithm validations, cryptographic modules and test tools from modifications of any kind or unauthorized access and use. (NIST HB )

3.21 Handling and Storage of Test Items (ISO/IEC clause 5.8.2, 5.8.4)

The CM laboratories shall protect the test items so as not to be altered unduly or used through access by unauthorized parties.

The CM Testing laboratories shall maintain the system for identifying the test items so as not to confuse the test items, the testing platform and the peripheral equipment and their related records.

When the cryptographic algorithm validation or cryptographic module consists of software components, the CM laboratory shall ensure that a configuration management is in place to prevent inadvertent modifications. This configuration management shall uniquely identify each cryptographic algorithm validation or cryptographic module and control and document modifications to any of the software components. (NIST HB )

3.22 Reporting the Results (ISO/IEC clause )

The format of the test reports shall be determined by the CM laboratories, and shall be the one notified to the accreditation body.

The CM laboratory shall issue test reports of its work that accurately, clearly, and unambiguously present the test conditions, the test setup when it varies from the standard protocol, the test results, and all other information necessary to reproduce the test. The CM laboratories shall publish the test reports for the test work carried out. The test reports to be submitted to CM Certification Body shall be prepared by use of the tools rented from CM Certification Body for the purpose of supporting production of the cryptographic module test reports and it shall be the one approved by JCMVP. Also, the test reports to be submitted to the customers shall satisfy the matters required in the contract with the customers and the requirements of this document. The CM laboratories shall be able to submit the evidence supporting the results of the cryptographic module testing.
(NIST HB )

When the result of the cryptographic module testing outside of the accreditation scope is included in the test reports with the accreditation symbol attached, it shall be clearly identified that these test results are results of the cryptographic module testing outside of the accreditation scope.

Test Reports (ISO/IEC clauses , and )

The CM laboratory shall perform an independent technical quality review of the test report submission documents prior to submission to the CM Certification body. This shall address accuracy, completeness, sufficient evidence of test results and consistency. A record of this review shall be maintained. (NIST HB )

The CM laboratories shall notify the accreditation body of the person who has responsibility of issue (approval) of the test reports. The responsible person for issue of the test reports shall sign or seal the name on the test reports. Also, considering absence of the responsible person for the issue of the test reports, the deputy shall be designated (Please refer to ISO/IEC clause Note)

For the date of the cryptographic module testing, all of the dates for the test (or the period is allowed) or the final date of the testing period shall be entered.

Multiple copies of the test reports may be issued for one cryptographic module testing. In this case, each report needs its unique identification. Duplicate of the report shall be in accordance with the provisions specified in clause (2) The CM laboratories may submit either a printed or an electronic report as instructed by the CM Certification body. The electronic version shall have the same content as the printed reports and shall be generated using a software application that is acceptable to the CM Certification body. (NIST HB )

When electronic delivery of the test reports to the CM Certification body is employed, the CM laboratory shall ensure that an integrity and confidentiality mechanism commensurate with the data sensitivity and/or programmatic requirements and/or government requirements is in place, so that the test report cannot be disclosed to anyone other than the intended recipient(s) and an integrity mechanism exists to ensure that the test report is not modified. (NIST HB )

For test reports created for validation purposes and submitted to the CM Certification body, the CM laboratory shall issue corrections or additions to a test report only by a supplementary document that is suitably marked and that meets the requirements of the respective validation program such as CM Certification body. For test reports created for purposes other than official cryptographic algorithm validation, the CM laboratory shall issue corrections or additions to a test report only by a supplementary document suitably marked; e.g., Supplement to test report serial number [ ]. If the change involves a test assertion, this document shall specify which test assertion is in question, the content of the result, the explanation of the result, and the reason for acceptance of the result. (NIST HB )

ISO/IEC clause does not apply to the cryptographic module testing.

Part 4 General Requirements for System LSI Penetration Testing Laboratories (Accreditation Scope: Information Technology System LSI penetration testing)

4.1 General

The accreditation body shall apply the relevant provisions of ISO/IEC to the applicants and the Penetration testing laboratories (hereinafter referred to as Penetration laboratories) as general requirements for the accreditation of ASNITE (the accreditation scope: Information Technology System LSI penetration testing).

The accreditation body shall take the regulations in the Part 4 as the application policy of general requirements based on the regulations specified in clause

A Penetration laboratory seeking multi-site accreditation shall be subject to the requirements prescribed in Annex 1 Specific requirement for Accreditation to multi-site laboratory of this document.

4.2 Scope of Management System (ISO/IEC clause 4.1.3)

The Penetration laboratories shall identify the scope in writing (the quality manual, etc.). Particularly for the scope subject to accreditation, they shall identify the type of the test service to handle. Particularly the scope subject to accreditation shall be the following:

(1) System LSI penetration test for AVA_VAN based on CC supportive documents regarding smart cards.

NOTE: When a Penetration laboratory is subcontracted with an evaluation body for penetration tests, the evaluation body is the client of the penetration tests (hereinafter referred to as p-test client).

4.3 Internal Audits (ISO/IEC clause )

In the case where only one member of Penetration laboratory staff is competent in some technical aspects of the program, or is the only expert in conducting a specific aspect of the conformance testing, an external audit by an appropriate expert shall be necessary in order to audit this technical aspect. An audit shall include, at a minimum, but not be limited to:
(1) a review of documentation and instructions;
(2) adherence to procedures and instructions; and
(3) documentation of the audit findings.

4.4 Competence and Qualification of Personnel (ISO/IEC clauses 4.1.5h) and 5.2.1)

Competence of Technical Management of Penetration laboratories
(1) The technical management shall have full responsibility for technical matters of the test.
(2) The technical management shall have sufficient technical knowledge for the penetration tests and competence of the correct evaluation of the test results.
(3) The technical management shall have the following knowledge and competence of doing the education/training and suitable supervising/direction to the penetration testing personnel.
1) Fundamental knowledge for CC evaluation
2) Knowledge for vulnerability and variety of attacks regarding System LSIs
3) Knowledge for CC supportive documents regarding smart cards.
(4) The manager (the technical manager or the deputy) of the technical management should have the knowledge of (3) above and the experience of the development of system LSI or in the field of penetration test at least for three years.

Competence and Qualification of Personnel for the Penetration laboratories
(1) The personnel for the penetration tests shall have the internal qualification for the test.
(2) The personnel for the penetration tests shall have the knowledge specified in clause (3) and the criteria of the internal qualification shall be adequate.
(3) The personnel for the penetration tests should have the experience of developing system LSIs.
(4) The personnel shall have professional skills to perform at least one of the fields of penetration tests listed below:
1) Differential Power Analysis (DPA) attack
2) Electro Magnetic Analysis (EMA) attack
3) Differential Faults Analysis (DFA) attack
4) Perturbation attack
5) Physical attack
6) Software attack

If the mechanism by which the Penetration laboratory employs staff members is through contracting of personnel, any key personnel (including evaluation personnel and managerial staff) who are contractors shall be identified and listed in the evaluation body's application for accreditation. When a change in the key personnel employed through subcontracting occurs or when the direct supervision of this category of personnel is to be impossible, a report shall be submitted to the accreditation body.

NOTE: Any of the above-listed changes in the personnel employed through subcontracting may affect the accreditation status of the Penetration laboratory.

4.5 Education / Training of Personnel (ISO/IEC clause 5.2.2)

The management of the Penetration laboratories shall have the policy and procedures for providing the education/training for the personnel including the personnel for the penetration tests. This education/training program shall be adequate for the test work of the Penetration laboratory.

The education/training program shall at least focus on the matters of clause (3). This education/training shall be periodically and deliberately carried out for the personnel for the penetration tests so as to enable them to continue a suitable test and to correspond to the latest technology on attacks regarding vulnerabilities.

Penetration laboratories shall have a competency review program and procedures for the evaluation and maintenance of the competency of each staff member and this evaluation and an observation of performance shall be conducted annually. Method of the program shall be documented as one of its quality management documents and to be reviewed periodically. The method for confirmation of personnel competency may be by reviewing the cases of evaluation performed by personnel or by confirming the results/outcomes of education/training.

4.6 Technical Records (ISO/IEC clause )

Penetration laboratories shall set the period of retention of their technical records in accordance with requirements specified by their Sponsors or by p-test clients.

4.7 Facility and Environmental Condition (ISO/IEC clauses 4.1.5c) and 5.3)

Requirements for facility and environmental conditions shall be in accordance with the requirements set in clause 2.11 of this document. In this regard, Penetration laboratories shall have their policies and/or procedures to ensure that their customer's confidential information and proprietary rights are to be protected.

4.8 Test Methods (ISO/IEC clause 5.4.1)

Penetration laboratories shall perform penetration tests by the standards and methods that have been designated or authorized by their Sponsors or by p-test clients.

4.9 Non-standard Methods (ISO/IEC clause 5.4.4)

The guidance documents published by CC Certification Body for application to the penetration testing and common criteria evaluation shall be deemed as standard methods and not fall under the non-standard methods.

When Penetration laboratories adopt the non-standard methods which are not specified in CC supportive documents for smart cards, they shall adopt the one whose adequacy has been confirmed by CC Certification Body based on the Sponsors' agreement without fail. The following fall under the non-standard methods:
(1) The evaluation methods for the assurance component over AVA_VAN.5
(2) Change of the standard methods (e.g. combination of standards, application of standards over the scope, change/expansion of standard, etc.)

4.10 Estimation of Uncertainty of Measurement (ISO/IEC clause 5.4.6)

ISO/IEC clause shall only be applicable in case that internal calibrations are carried out for reference standards owned or used for the tests by Penetration laboratories.

Possession of Equipment (ISO/IEC clause 5.5.1)

Requirements for possession of equipment shall be in accordance with the requirements set in clause 3.17 of this document. In this regard, the requirements for CMVP co-certification in clause 3.17 are not applicable.

Maintenance of Equipment (ISO/IEC clauses 5.5.2, and 5.5.3)

Requirements for maintenance of equipment shall be in accordance with the requirements set in clauses , , and of this document.

Measurement Traceability (ISO/IEC clause 5.6)

Metrological traceability shall be applied to the equipment used for the penetration testing, when appropriate.
When establishment of metrological traceability is required, the evaluation facility shall establish it in accordance with IAJapan Policy on Traceability of Measurement (URP23) published by IAJapan.

ISO/IEC clause does not apply to the penetration tests.

Reporting the Results (ISO/IEC clause )

In the penetration testing, the penetration test reports shall fall under the test reports of ISO/IEC clause

The format of the penetration test reports shall be determined by the applicants and the Penetration laboratories, and shall be the one notified to the accreditation body.

Penetration laboratories shall issue the penetration test report for the penetration test carried out. The penetration test report to be submitted to the Sponsors or to the p-test clients shall satisfy the necessary matters in the contract with the Sponsors (or with the p-test clients) and requirements of this document. Penetration laboratories shall be able to submit the proofs supporting the results of the penetration tests.

When the results of the penetration test outside of the accreditation scope are included in the penetration test report with the accreditation symbol attached, it shall be identified that these penetration test results are the results of the penetration test outside of the accreditation scope.

Test Reports (ISO/IEC clauses , and )

Penetration laboratories shall notify the accreditation body of the person who has responsibility of issuing (approval) the penetration test report. The responsible person for issuing of the penetration test report shall sign or seal the person's name on the penetration test report. Also, considering absence of the responsible person for the issuing of the penetration test report, the deputy shall be designated (Please refer to ISO/IEC clause Note)

For the dates of the penetration tests, etc., all of the dates for testing (or period is allowed) or the final date of the penetration test period shall be described.

ISO/IEC clause shall not apply to the penetration testing.

Part 5 Miscellaneous

5.1 Obligations

The applicants and the accredited laboratory shall abide by the following matters:
(1) To always comply with the relevant clauses of ISO/IEC
(2) To comply with requirements determined by the accreditation body based on the relevant clauses of ISO/IEC (including the payment of the fee determined by the accreditation body).
(3) To claim only with respect to the evaluation/test works within the accredited scope in the case of referring to having been accredited.
(4) Not to quote its accreditation in such a manner as to bring the accreditation body into disrepute and also not to make any statement of the accreditation for which the accreditation body judges as it may lead to misunderstanding or for activities the accreditation body does not grant the accreditation.
(5) To immediately stop using the publications including reference to the accreditation, in the case of temporary suspension of the accreditation or withdrawal thereof.
(6) To quickly return the accreditation certificate to the accreditation body, in the case of suspension of the accreditation or cancellation thereof.
(7) Not to use the accreditation in such a manner as to lead to misunderstandings that the quality of the products has been guaranteed by the accreditation body.
(8) To make efforts so that the evaluation technical report or the test report or a part thereof be used in a manner of giving misunderstandings.
(9) To follow the regulations specified by the accreditation body for the way of quoting the accreditation symbol and the accreditation in the evaluation technical report or the test report, and quoting the accreditation in the media like advertising publications, pamphlets, other documents, etc.

(10) To provide necessary accommodation and cooperation in the assessment and the contract assessment carried out by the accreditation body to confirm conformity to the accreditation requirements, and in the assessment of documents, access to the whole area for the accredited evaluation/test works, review of the records, interviewing with the personnel, etc. for the purpose of the resolution of complaints.
(11) To complete actions of changing the necessary procedures for complying with the new requirements within the adequate period upon receiving the notice of changes of the accreditation requirements from the accreditation body, and notify the accreditation body of the completion of actions.

The applicant shall sign and seal its name on the format For Confirmation of General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology and submit it to the accreditation body together with the application documents at the time of application.

5.2 Necessary Procedure for Accreditation Application

The applicant shall go through the following procedures in accreditation application.
(1) To prepare and submit the accreditation application and the attachment documents (the documents listed in the guide for accreditation application, etc. separately specified).
(2) To submit the quality manual and its attachment documents, if required.
(3) To accept the on-site assessment (access to the whole area for the accredited evaluation/test works, assessment of the documents, review of the records, interviewing with the personnel, etc.) carried out for confirming conformity to requirements of the accreditation.
(4) To improve the matters pointed out as non-conformity to requirements of the accreditation, and report results thereof.
(5) To submit the request for suspension of accreditation process to the accreditation body if it becomes necessary to suspend the accreditation application procedure due to the convenience of the applicant during the accreditation application process.
(6) To submit the request for discontinuation of the accreditation process to the accreditation body if it becomes necessary to withdraw accreditation application due to the convenience of the applicant during the accreditation application process.
(7) To submit the request for correction of accreditation application to the accreditation body if it becomes necessary to correct accreditation application due to the convenience of the applicant during the accreditation application process.

5.3 Periodic Confirmation of Technical Competence

The applicants and the accredited bodies shall undergo any one of the following proficiency testing (proficiency testing etc. prescribed in IAJapan Policy on Proficiency Testing (URP024)) for each accreditation scope:
(1) The applicants
1) The applicants to submit with the scope of CC evaluation

The trial evaluation set in clause of this document.
2) The applicants to submit with the scope of cryptographic module testing
Artifact tests provided by the CM certification body or NVLAP
3) The applicants to submit with the scope of Penetration testing
Proficiency tests informed by IAJapan or any tests recognized by IAJapan to be equivalent to the tests informed.
(2) The accredited bodies
1) CC Certification body
The evaluations of products to be applied as certified products performed under supervision of CC Certification body.
2) Cryptographic module testing laboratory shall participate in at least one of the following proficiency tests:
a) Tests performed by using the tool to perform cryptographic algorithm tests licensed by the CM Certification body at the timing of reassessments/surveillances for accreditation
b) Tests performed by using the tool to support generating cryptographic test reports licensed by the CM Certification body at the timing of reassessments/surveillances for accreditation
c) Confirmation of understanding/interpretation of data exchange and test results produced by the test suites at the timing of reassessments/surveillances for accreditation
d) Confirmation of technical knowledge regarding the scope of accreditation at the timing of the reassessments/surveillances for accreditation
e) Interviews by the CM Certification body regarding technical aspects
f) Artifact tests organized by the CM Certification body
3) Penetration testing laboratory
Proficiency tests informed by IAJapan or any tests recognized by IAJapan to be equivalent to the tests informed.
5.4 Notification of Change

When changes of the laboratory status or the operation occur and they fall under any of the following, the accredited laboratory shall submit the notification of accreditation change to the accreditation body within about 30 days after such changes occur:

(1) In the case where the name or address of the accredited laboratory was changed. The change of the address includes the change of the location of premises (movement of the accredited laboratory) and the change of the address denotation.
(2) In the case where the documents specifying the matters for the way of performing the accredited evaluation/test works (including the procedures and the quality manual) were changed.
(3) In the case where the equipment to be used for the accredited evaluation/test works, the facility, the organization and the employees were changed.
(4) In the case where the security assurance components of the accredited scope in the accreditation scope of common criteria evaluation were changed (provided that it shall be reapplication, for increasing the figures of EAL).

Prohibiting of certification work in accordance with the standards to be used for accreditation (IAF-ILAC JGA 2007 Sydney Resolution 7)

The applicants and the accredited bodies are prohibited from performing certification activities by using the standards for accreditation (e.g. ISO/IEC 17025). There is a case that the conformity assessment body needs to do assessment that its subcontractor be conformed to the relevant requirements of ISO/IEC and/or other requirements of standards, however the body shall issue any documents for only subcontracting purpose and clearly state in the document that this document is issued not for certification/accreditation in accordance with ISO/IEC

Obligations of the applicants and the accredited bodies (IAF-ILAC-A5:11/2013 M8.1.1e))

The applicants and the accredited bodies shall have enforceable arrangements with their clients to provide, on request, access to IAJapan assessment team to assess the applicants'/accredited bodies' performance in carrying out evaluation/testing activities at the client's site in case of identifying witnessing of the evaluation/testing activities is needed.

5.7 Notification of Succession

When the accredited laboratory assigns all of their accredited evaluation/test works or it is merged, the incorporation to which all of the works are assigned or the incorporation after merger may succeed the status of the accredited laboratory.

The party who succeeded the status of the accredited body shall go through the following procedures in addition to the notification of changes in clause 5.4:

(1) The incorporation which succeeded the status of the accredited laboratory by taking over all of the works shall submit the notification of accreditation assignment.
(2) The incorporation which succeeded the status of the accredited laboratory by the merger shall submit the notification of accreditation succession.
5.8 Contract Assessment

The accredited laboratory shall accept the contract assessment carried out by the accreditation body for confirmation of continuing conformity to accreditation requirements. There are a periodical assessment (periodic partial surveillance and re-assessment) and an extraordinary assessment in the contract assessment.

The accreditation body shall perform the first periodical partial surveillance in principle within one year after the accreditation. The partial surveillance shall be made for the following matters out of all requirements of ISO/IEC:

(1) Confirmation of improvement condition of non-conformity matters (including the matters to be observed) in the initial accreditation assessment
(2) Changes after the initial accreditation assessment
(3) Confirmation of conformity of the management system such as the management review, the implementing situation of the internal audit, etc.

The re-assessment (all clauses assessment) by the accreditation body shall be carried out for all clauses of ISO/IEC requirements. The re-assessment shall be carried out within three years after the day of initial accreditation and within four years after the day of initial accreditation. Thereafter, it shall be carried out in principle within two years after the day of the previous re-assessment.

The accreditation body may carry out the extraordinary assessment of the accredited laboratory if the following matters occur or are likely to occur to the accredited laboratory and the quality manager or the measuring committee of the accreditation body approves its necessity:

(1) In having significant complaints or the other situations, the acute question is shown for conformity to accreditation criteria, or the quality of the evaluation or the cryptographic module testing.
(2) There were changes affecting the technical competence such as changes of the technical management, the retirement of the chief evaluator, office move, relocation or change(s) on testing facility and/or equipment, etc.
(3) There was the accreditation succession.
(4) The result of the proficiency testing showed the question for the technical competence as the accredited laboratory.

5.9 Notification of Abolishment

When the accredited laboratory withdraws all or part of its work or reduces its scope of work, it shall notify the accreditation body of the withdrawal of its accreditation together with the accreditation certificate thereof within about 30 days after the abolishment, etc.

Suspension of Accreditation

The accreditation shall be suspended if applicable to any of the following matters. If the accreditation of the testing laboratory is suspended, the fact shall be published by the accreditation body.
(1) In the case when as a result of the contract assessment, the significant non-conformity was found and the evaluation committee evaluates to determine the suspension of the accreditation (for example, the suspension of the accreditation is determined, when it is recognized to need about 30 days or more for improvement of non-conformity, or when it is necessary to investigate the influence ascending to the past by the reason of the significant errors in the issued evaluation technical report, etc.).
(2) In the case when the result of the proficiency testing has shown the question for the technical competence as the accredited laboratory.

Withdrawal of Accreditation

The accreditation shall be cancelled if applicable to any of the following matters. If the accreditation of the testing laboratory is withdrawn, the fact shall be published by the accreditation body. Also, the accreditation certificate shall be returned.

(1) In the case where accredited laboratory did not undergo the contract assessment defined by the clause 5.8 or the proficiency testing defined by the clause 5.3;
(2) In the case where the expense of the contract assessment defined by the clause 5.8 or the proficiency testing defined by the clause 5.3 is not paid by the accredited laboratory.
(3) In the case where it is found that the evaluation technical report or test report with the accreditation symbol attached is issued of which activities are out of the accreditation scope (provided that this is not applicable if it is clearly identified in the report that the result is outside of the accreditation scope).
(4) In the case where it is found that there is no technical competence as a result of the contract assessment or the proficiency testing.
(5) In the case when it is found that the evaluation/test works had been carried out in deviating very much from this requirement.
(6) In the case when it has been repeatedly required to improve the same findings as being required in the past in the contract assessment, etc.
(7) In the case when it is found to have been accredited by the illegal means.

Requirements for Handling of Accreditation Symbol

The accreditation body shall apply to the applicant and the accredited laboratory requirements specified in clause through for the method of use of the accreditation symbol and the handling of use limitation thereof. The applicant and the accredited laboratory shall comply with all of those requirements.

Policy

(1) When the accredited laboratory carries out the evaluation or the cryptographic module testing within the accreditation scope, it may issue the evaluation technical report or the test report with the accreditation symbol attached.
(2) In using the accreditation symbol (the one specified in clause ) having the ILAC-MRA mark, ILAC laboratory combination MRA mark sublicense agreement shall be submitted in advance.
(3) Except for the case specified in this requirement, no one shall attach the accreditation symbol or the confusing mark thereof to the evaluation technical report or the test report.

Accreditation Symbol

(1) The shape of the accreditation symbol shall be as follows.
(2) The color of the accreditation symbol shall be equivalent to the following or same in the whole symbol in principle.
(3) Indicate the accreditation number of each accredited laboratory in the portion of "ASNITE XXXX" among the accreditation symbol. Leave the space more than a half-width character between "ASNITE" and "XXXX".
(4) Indicate the identification mark "T" of testing laboratories as "addition information on the accreditation symbol" in the portion of "OO" on the right of "ASNITE XXXX". Ask the accreditation body about the identification mark of the accredited organization which has received two or more accreditations.

ASNITE XXXX OO

Operation for use of Accreditation Symbol

(1) Format of Report
If the applicant and the accredited laboratory issue the evaluation technical report or the test report with the accreditation symbol attached, they shall notify the accreditation body of the format in advance.
(2) Duplication of Report
The accredited laboratory shall notify the recipients of the evaluation technical report or the test report of the fact that it is prohibited to make a color copy, etc. of the report because of confusing it with its original copy. But if it is required to clearly indicate copy, duplication, etc. on the surface of the duplicated copy so as to distinguish it from the original, this is not applicable.

The accredited laboratory shall comply with the requirements for use of the accreditation symbol in the advertisement, etc. specified in the following:

(1) The accredited laboratory shall not use the confusing accreditation symbol leading to misunderstandings that the quality, etc. of the products themselves has been approved/guaranteed, etc. In particular, the description of being confused with the accreditation certificate issued by CC Certification Body or CM Certification Body shall be avoided.
(2) The accredited laboratory may use the accreditation symbol specified in clause in the catalogue, the letterhead and the advertisement documents other than the name card, only when satisfying the following conditions, provided that it shall refer the use to the accreditation body and obtain its approval in advance.
1) The accreditation symbol shall be used in the explanation text of the accreditation symbol.
2) The size of the letters in the text shall be larger than the readable one.
(3) The accredited laboratory may use the accreditation symbol specified below in the name card and the other documents, only when satisfying the conditions of (2)1) and (2)2) herein, provided that it shall refer the use to the accreditation body and obtain its approval in advance.


More information

Certification Report

Certification Report Certification Report Kazumasa Fujie, Chairman Information-technology Promotion Agency, Japan Target of Evaluation (TOE) Application Date/ID 2014-06-16 (ITC-4511) Certification No. C0482 Sponsor Fuji Xerox

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

Specific Conditions for the Assessment of Management Systems and Product Certifications

Specific Conditions for the Assessment of Management Systems and Product Certifications between DQS CFS GmbH, named DQS hereafter, with its contract partner, named the client" hereafter. 1 Assessment of Management Systems and DQS assesses the client s management system, or parts thereof,

More information

Korea IT Security Evaluation and Certification Scheme

Korea IT Security Evaluation and Certification Scheme Korea IT Security Evaluation and Certification Scheme 2005. 9. 28 Korea Certification Body Dae Ho, Lee Agenda I KECS Introduction II Role and Responsibility of CB III Evaluation and Certification Procedure

More information

ISO/IEC 17020 Inspection Standard Application Document

ISO/IEC 17020 Inspection Standard Application Document ISO/IEC 17020 Inspection Standard Application Document August 2015 Copyright National Association of Testing Authorities, Australia 2015 This publication is protected by copyright under the Commonwealth

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD TÜV Rheinland Nederland B.V. Version 20101101 Certification Report NXP Secure Smart Card Controller P40C012/040/072 VD Sponsor and developer: NXP Semiconductors Germany GmbH, Business Unit Identification

More information

ACT ON ELECTRONIC SIGNATURES AND CERTIFICATION BUSINESS Act No. 102 of May 31 of 2000

ACT ON ELECTRONIC SIGNATURES AND CERTIFICATION BUSINESS Act No. 102 of May 31 of 2000 This English translation of the ACT ON ELECTRONIC SIGNATURES AND CERTIFICATION BUSINESS Effective April 1, 2001 has been prepared in compliance with the Standard Bilingual Dictionary March 2006 edition.

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Certification Report

Certification Report Certification Report EAL 3+ Evaluation of AccessData Cyber Intelligence and Response Technology v2.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria

More information

RS Official Gazette, Nos 23/2006 and 23/2013 other decision 1

RS Official Gazette, Nos 23/2006 and 23/2013 other decision 1 RS Official Gazette, Nos 23/2006 and 23/2013 other decision 1 Pursuant to Article 8, paragraph 2 of the Law on Voluntary Pension Funds and Pension Schemes ("RS Official Gazette", No. 85/2005), Governor

More information

Privacy Policy documents for

Privacy Policy documents for Privacy Policy documents for Praendex Incorporated doing business as PI Worldwide Product User Privacy Policy - For Customers, as well as those invited to our websites to complete a PI Survey or SSAT General

More information

Certification Report

Certification Report Certification Report EAL 2+ Evaluation of Symantec Endpoint Protection Version 11.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification

More information

Australasian Information Security Evaluation Program

Australasian Information Security Evaluation Program Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/70 23 November 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

Certification Report

Certification Report Certification Report EAL 2+ Evaluation of Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme 2008 Government of Canada, Communications

More information

Southern Law Center Law Center Policy #IT0004. Title: Email Policy

Southern Law Center Law Center Policy #IT0004. Title: Email Policy Southern Law Center Law Center Policy #IT0004 Title: Email Policy Authority: Department Original Adoption: 7/20/2007 Effective Date: 7/20/2007 Last Revision: 9/17/2012 1.0 Purpose: To provide members of

More information

C033 Certification Report

C033 Certification Report C033 Certification Report Mobile Billing System File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please email: mycc@cybersecurity.my

More information

Non-Controlled Copy. Quality Manual Revision Log. Rev # Date Description

Non-Controlled Copy. Quality Manual Revision Log. Rev # Date Description Quality Manual Revision Log Rev # Date Description 1 Oct 1984 Original Document. 2 Aug 1986 Document Hillsboro Move. Complete Revision. 3 May 1988 Incorporate/Beaverton Move. Reformat to Word Perfect 4.0.

More information

SIGNIFICANT CHANGES DOCUMENT

SIGNIFICANT CHANGES DOCUMENT SIGNIFICANT CHANGES DOCUMENT Descriptive Title Schedule 70_MassModification_Health IT SIN Significant Changes Disclaimer Language DISCLAIMER: GSA FAS is posting this notification of a planned solicitation

More information

STATE OF NEW JERSEY Security Controls Assessment Checklist

STATE OF NEW JERSEY Security Controls Assessment Checklist STATE OF NEW JERSEY Security Controls Assessment Checklist Appendix D to 09-11-P1-NJOIT P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 Agency/Business (Extranet) Entity Response

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Management Standards for Information Security Measures for the Central Government Computer Systems

Management Standards for Information Security Measures for the Central Government Computer Systems Management Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...

More information

Joint Interpretation Library. Guidance for smartcard evaluation

Joint Interpretation Library. Guidance for smartcard evaluation Joint Interpretation Library Guidance for smartcard evaluation Version 2.0 February 2010 Table of content 1. REFERENCES 5 2. OBJECTIVE 6 3. SMARTCARD PRODUCT PRESENTATION AND DEFINITIONS 7 3.1. Glossary

More information

COURTESY TRANSLATION

COURTESY TRANSLATION PREMIER MINISTRE Secrétariat général de la défense nationale Paris, 7 April 2003 872 /SGDN/DCSSI/SDR Reference : SIG/P/01.1 Direction centrale de la sécurité des systèmes d information PROCEDURE CERTIFICATION

More information

[This translation is provided for guidance. The governing text is the Arabic text.] Form of Consultancy Engineering Services Contract (Supervision)

[This translation is provided for guidance. The governing text is the Arabic text.] Form of Consultancy Engineering Services Contract (Supervision) [This translation is provided for guidance. The governing text is the Arabic text.] Form of Consultancy Engineering Services Contract (Supervision) Section One Contract - Basic Document It has been agreed

More information

Certification Report

Certification Report Certification Report EAL 3+ Evaluation of Rapid7 Nexpose Vulnerability Management and Penetration Testing System V5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian

More information

General Rules for the certification of Management Systems

General Rules for the certification of Management Systems General Rules for the certification of Management Systems Effective from 19/11/2015 RINA Via Corsica 12 16128 Genova - Italy tel. +39 010 53851 fax +39 010 5351000 website : www.rina.org Technical rules

More information

Open Smart Card Infrastructure for Europe

Open Smart Card Infrastructure for Europe Open Smart Card Infrastructure for Europe v2 Volume 8: Part 3-1: Authors: Security and Protection Profiles (Common Criteria Supporting Document) eesc TB3 Protection Profiles, Security Certification NOTICE

More information

Request for Proposals on Security Audit Services

Request for Proposals on Security Audit Services Request for Proposals on Security Audit Services Version 1.0 Date: 16 December 2011 Hong Kong Internet Registration Corporation Limited Unit 2002-2005, 20/F ING Tower, 308 Des Voeux Road Central, Sheung

More information

Certification Report

Certification Report Certification Report EAL 2+ Evaluation of Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications

More information

ISMS Implementation Guide

ISMS Implementation Guide atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-615-7300 Fax: 512-615-7301 www.atsec.com ISMS Implementation Guide atsec information security ISMS Implementation

More information

GENERAL OPERATIONS MANUAL FOR ASTM PRODUCT CERTIFICATION PROGRAM

GENERAL OPERATIONS MANUAL FOR ASTM PRODUCT CERTIFICATION PROGRAM GENERAL OPERATIONS MANUAL FOR ASTM PRODUCT CERTIFICATION PROGRAM INTERNATIONAL Standards Worldwide Issued September 25, 2012 Version 5.0 BY AMERICAN SOCIETY FOR TESTING AND MATERIALS INTERNATIONAL ASTM

More information

Spillemyndigheden s Certification Programme Change Management Programme

Spillemyndigheden s Certification Programme Change Management Programme SCP.06.00.EN.2.0 Table of contents Table of contents... 2 1 Introduction... 4 1.1 Spillemyndigheden s certification programme... 4 1.2 Objectives of the change management programme... 4 1.3 Scope of this

More information