Korea IT Security Evaluation and Certification Scheme



Similar documents
MyCC Scheme Overview SECURITY ASSURANCE. Creating Trust & Confidence. Norhazimah Abdul Malek MyCC Scheme Manager zie@cybersecurity.

Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report

Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme Activities and Updates. Copyright 2010 CyberSecurity Malaysia

Document ID: JIL-Security-Event-Management-Processs-V1-0 Subject: Security Event Management Process. Introduction

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT

Guidelines for the Accreditation of Information Technology Security Evaluation and Testing Facilities

Certification Report

National Information Assurance Partnership /Common Criteria Evaluation and Validation Scheme. Publication #2

Information Security Standards by Dr. David Brewer Gamma Secure Systems Limited Diamond House, 149 Frimley Road Camberley, Surrey, GU15 2PS

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems

Certification Report

Certification Report

Citrix NetScaler Platinum Edition Load Balancer Version 10.5 running on MPX 9700-FIPS, MPX FIPS, MPX FIPS, MPX FIPS appliances

C033 Certification Report

FIA Protection Against Mileage Fraud by Common Criteria

General Requirements for Accreditation of ASNITE. Testing Laboratories of Information Technology. (The 12th Edition) November 1, 2014

Information Security Management Systems

C015 Certification Report

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

Certification Report

Certification Report

Certification as a model of recognising and improving personnel s competences in OSH

Common Criteria. Introduction Magnus Ahlbin. Emilie Barse Emilie Barse Magnus Ahlbin

22 July, 2010 IT Security Center (ISEC) Information-technology Promotion Agency (IPA) Copyright 2010 Information-Technology Promotion Agency, Japan 1

FSSC Q. Certification module for food quality in compliance with ISO 9001:2008. Quality module REQUIREMENTS

Certification Report

Certification Report

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

Certification Report

Certification Report

Certification Report

National Information Assurance Program (NIAP) Evolution

Certification Report

Certification Report

Consumer ID Theft Total Costs

C038 Certification Report

Ashley Institute of Training Schedule of VET Tuition Fees 2015

TERMS OF REFERENCE FOR THE HUMAN RESOURCES AND COMPENSATION COMMITTEE

Certification Report

IT Security Evaluation in China

TG TRANSITIONAL GUIDELINES FOR ISO/IEC :2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

Managing Projects with Practical Software & Systems Measurement PSM

TURKISH COMMON CRITERIA CERTIFICATION SCHEME TSE-CCCS TURKISH NATIONAL UPDATE, 2013

AgriLife Information Technology IT General Session January 2010

Certification Report

Certification Report

Client Security Risk Assessment Questionnaire

IAS ACCREDITED INSPECTION AGENCIES: GUIDELINES FOR CONDUCTING INTERNAL AUDITS AND MANAGEMENT REVIEWS. Revised January, 2016

Process Validation Workshops. Overview Session

How To Evaluate Watchguard And Fireware V11.5.1

C013 Certification Report

Certification Report

COURTESY TRANSLATION

Case 2:08-cv ABC-E Document 1-4 Filed 04/15/2008 Page 1 of 138. Exhibit 8

Build a CC assurance package dedicated to your risk assessment. Francois GUERIN Security Program Manager francois.guerin@gemalto.

Certification Process Requirements

JWES Activities of Education and Certification System for Welding Engineers in Asian Countries

Validation Audit Process Definition and Criteria

Certification Report

Certification Report

Certification Report

Joint Interpretation Library. Guidance for smartcard evaluation

Oracle Business Intelligence Enterprise Edition (OBIEE) Version with Quick Fix running on Oracle Enterprise Linux 4 update 5 x86_64

Secure software development in the Russian IT Security Certification Scheme. Alexander Barabanov, Alexey Markov, Valentin Tsirlov

Certification Report

Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium , Miami Beach FL / USA

Computer and Network Security

Technical information on the IT security certification of products, protection profiles and sites

Russian IT Security Certification Scheme: Steps Toward Common Criteria Approach

Low Assurance Protection Profile for a VoIP Infrastructure

Deep Security/Intrusion Defense Firewall - IDS/IPS Coverage Statistics and Comparison

Enhanced Vessel Traffic Management System Booking Slots Available and Vessels Booked per Day From 12-JAN-2016 To 30-JUN-2017

BSI-DSZ-CC-S for. Dream Chip Technologies GmbH Germany. Dream Chip Technologies GmbH

FSSC Certification scheme for food safety systems in compliance with ISO 22000: 2005 and technical specifications for sector PRPs PART II

SRA International Managed Information Systems Internal Audit Report

Citrix NetScaler Platinum Edition Load Balancer

SAMSUNG SDS FIDO Server Solution V1.1 Certification Report

GSA FIPS 201 Evaluation Program

Deep Security Intrusion Detection & Prevention (IDS/IPS) Coverage Statistics and Comparison

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

Prospects Mutual Recognition in ASEAN and the Role of Veterinary Statutory Bodies (VSBs) in the Philippines. Ma. Elizabeth D. Callanta, DVM, MSc

BSI-DSZ-CC-S for. GLOBALFOUNDRIES Singapore Pte. Ltd. GLOBALFOUNDRIES Singapore Pte. Ltd.

IEEE 2600-series Standards for Hardcopy Device Security

Compliance Risk Assessment Measures of Financial Information Security using System Dynamics

CORPORATE GOVERNANCE CODE

CERTIFICATION REPORT No. CRP253

About CREST R&D Grant

Transcription:

Korea IT Security Evaluation and Certification Scheme 2005. 9. 28 Korea Certification Body Dae Ho, Lee

Agenda I KECS Introduction II Role and Responsibility of CB III Evaluation and Certification Procedure IV Product and Protection Profile 2

Korea IT Security Evaluation and Certification Scheme (KECS) Overview History Organization Publication Quality System Approval policy of EF 3

KECS Overview Objective Gain global trust and reliability of IT security system Improve international competitiveness of IT product Improve IT security level of national communication Network Contribute to the realization of a sound information society Legal Status Article 15 of the Framework Act on Information Promotion Article 16 of the Enforcement Decree of the Framework Act on Information Promotion 4

KECS History 1995 Aug : Framework Act on IP and its Enforcement Decree 1998 Feb : Firewall Evaluation 2000 Jul : IDS evaluation Aug : Established Evaluation Certification Scheme 2002 2003 Aug : Adopted CC, ISO/IEC 15408 as IT security evaluation criteria VPN evaluation Nov : Access Control System, Fingerprint Recognition System, Smartcard evaluation 2004 Sep : Submitted Application to join CCRA 2005 Jan : CC became the only evaluation criteria 5

KECS Organization Certification Body (National Intelligence Service) EWP Work Package Observation Report Evaluation Report Certificate Certification Report Certified Products List Publish Certification Report Evaluation and Certification Scheme Evaluation Methodology Evaluation Management and Oversight Evaluation Facility (Korea Info. Security Agency) User Application for evaluation Consultation on evaluation Sponsor IT Product Protection Profile Deliverables Developer 6

KECS Organization CB(1/2) Senior Executive Certification committee ITSCC Director, ITSCC (Certification manager) Certification Mgmt Team (Quality manager) Oversee evaluation Site visit Operate Certification Committee Issue certificates Maintenance of Assurance Support Mgmt Team Prepare to Join CCRA Operate scheme Develop Roadmap for PP development Publish CPL Audit Provide training course ITSCC : IT Security Certification Center 7

KECS Organizations CB(2/2) Senior Executive /Certification/Quality Manager Senior Executive Approves scheme Approves quality manual Approves issuance of certificate Certification Manager Supervises operation of certification body Approves internal audit Operates Certification Committee Quality Manager Operates and Maintains the quality system Develops plan and executes internal audit Operates education and training course 8

KECS Organizations - EF President IT Security Evaluation Center Vice president (Quality manager) Evaluation Planning Team (Quality assistant manager) Evaluation Team 1 (Technical manager) Evaluation Team 2 (Technical manager) Operate EF quality system Develop PP Research & support related to evaluation service Firewall Fingerprint Smartcard Etc IDS VPN Access control Etc. 9

KECS Publications KECS Overview of scheme : Principle of evaluation, Scope, Organizational structure, Legal status, Operating resource, Etc. Role and Responsibility of the Sponsor/EF/CB Evaluation and Certification procedure Maintenance of certified products Quality Manual ISO/IEC Guide 65 Quality system management Qualification of personnel, Training & education Data/Record management, Protecting and sharing of information Oversee Evaluation, Management of evaluation lab/equipment Appeal or Conciliation, Internal audits, Etc. 10

Quality Manual Sampling Management of Deliverables Protection of Confidential Information Corrective and Preventive Measure Handling of Dispute Training And Education Certification Reparation Operation of Certification lab Certification Committee Written Pledge Management Review Management of Certification Regulation Document Management Management of Assurance Certification Management Record Management Internal Audit Written Pledge Guaranteeing of Independence 11

Approval policy of EF KECS CCRA B.3 Framework Act on Information Promotion Evaluation Facility accredited approved AB CB established or KISA (EF) Evaluation Facility established Law/ statutory instrument 12

Role and Responsibility of Certification Body Qualification Assignment Basic/Advanced Training Certification Activity Certification Committee Certification Report and Certificate

Role and Responsibility of CB Written Pledge Qualification of Evaluator and Certifier Trainee Certifier (evaluator) Basic/Advanced Training Certifier (evaluator) Experience of of C/E C/E (more (more than than 2 product) Capability of of EAL3 EAL3 C/E C/E Senior Certifier (evaluator) Experience of of C/E C/E (more (more than than 3 years) Capability of of EAL4 EAL4 C/E C/E * C/E : Certification and Evaluation 14

Role and Responsibility of CB Basic/Advanced Training Basic (5days) ISO/IEC Guide 65 ISO/IEC 17025 CC/CEM KECS CCRA Requirements Advanced (10days) How to write and evaluate PP, ST and deliverables EWP Evaluate deliverables write Evaluation Technical Report Site visit 15

Role and Responsibility of CB Certification Activity Review and Record Review the following document and record result of certification in the CB Review Comment EWP, ST, WP, OR, ETR(PP, TOE) The review meeting of EWP and OR Evaluation of Testing and Vulnerability Attend Review the plan for testing of EF Independent evaluator testing and vulnerability testing Evaluation of the on site security environment Review the plan for on site evaluation 16

Role and Responsibility of CB Certification Committee Composed of 12 professionals from industry, academia, research institutes and the government Check for validity and impartiality of the evaluation results Review any major changes made to scheme Mediate dispute between sponsor, EF and CB 17

Evaluation Certification Procedure Preparation Phase Evaluation Phase Certification Phase 18

Sponsor EF Pre CB Inquiry about Evaluation Preparation of Deliverables Consultation of Evaluation Preparation Phase Apply for evaluation(deliverables) Sign Contract Accept deliverables Kick off Meeting with EF and CB Develop EWP Evaluation Phase Evaluate TOE Approve EWP Monitor Evaluation Develop ETR Review ETR Certification Phase Publish the certification report on the website Register the certificate to the CPL Receive the certificate Certification Committee Produce the Certification Report Issue the certificate 19

Evaluation Certification Procedure Preparation Phase Sponsor EF CB Inquiry about Evaluation Consultation of Evaluation Separate evaluator with consultant for impartiality and independency of evaluation Preparation of Deliverables Apply for evaluation With deliverables Sign Contract Accept deliverables - Review deliverables for completeness - Review Contract - Assign a certifier - Review deliverables 20

Evaluation Certification Procedure Evaluation Phase(1/2) Sponsor EF CB Develop EWP Approve EWP Consider complexity of security functions, scope of evaluation Review the EWP - Appropriateness of the formation of the evaluation team - Appropriateness of the method of calculating the duration of the evaluation - Appropriateness of the claimed PP and TOE scope Kick off Meeting With Sponsor and CB 21

Evaluation Certification Procedure Evaluation Phase(2/2) Sponsor EF CB Evaluation TOE Monitor Evaluation - Compliance with CC,CEM - Produce OR, WP for each work unit - Site visit - Review OR, WP - Testing and vulnerability - Site visit - Compliance with scheme Develop ETR Review ETR - Review ETR impartiality of evaluation conformance of CC/CEM - Compliance with scheme22

Evaluation Certification Procedure` Certification Phase Sponsor EF CB Certification Committee - Review the all documents of evaluation and certification (EWP, OR, WP, ETR, etc) Publish the Certification Report on the website Register the certificate to the CPL Produce the Certification Report Issue the certificate Receive the certificate 23

Certification Maintenance Sponsor CB Re-evaluation Approve Change? Yes Sponsor No Sponsor EF EF deliverables Test and analysis result CB Application for change approval (deliverables) Consult Contract Evaluation Approve Change? No Notify result Yes Sponsor 24

Product and Protection Profile Certified product Protection Profile 25

Product and Protection Profile Certified Product <As of July 18, 2005> Category 98 99 00 01 02 03 04 05 sum Domestic Criteria FW IDS 1 2 5 7 3 10 11 8 9 7 2-1 40 26 FW 2 2 Common Criteria FW, VPN IDS Access Control System Total 1 2 5 10 21 3 20 10 1 20 1 4 8 16 14 5 8 95 Firewall IDS VPN Biometric Access Control Smart Card IPS 26

Product and Protection Profile Protection Profile Publication Title EAL 2003. 4 Firewall protection profile V1.1 EAL3+ 2003. 4 VPN protection profile V1.1 EAL3+ 2003. 4 Intrusion detection system protection profile V1.1 EAL3+ 2003. 4 VPN gateway protection profile V1.1 EAL3+ 2004. 2 Firewall-VPN composite protection profile V1.0 EAL2 2004. 2 Label-based based access control system protection profile V1.0 EAL3+ 2004. 2 Fingerprint recognition system protection profile V1.0 EAL2+ 2004. 12 Smartcard open platform protection profile V1.0 EAL4+ 2005. 5 Network Intrusion Prevention System Protection Profile V1.0 EAL4 27

Q & A ITSCC of NIS (Certification Body) - Homepage : http://www.kecs.go.kr - E-mail : kecs@ncsc.go.kr KISA (Evaluation Body) - Homepage : http://www.kisa.or.kr - E-mail : kecs@kisa.or.kr 28

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information