Cryptomathic’s Signer is the only qualified (electronic) signature creation device (QSCD) that is certified under the SO-GIS agreement using the Common Criteria Recognition Arrangement (CCRA). Its security target is written to strictly conform to the certified protection profile EN 419 241-2.

Download white paperWith earning the Common Criteria certification, Signer provides users with a best in class security with the highest level assurance regarding product resistance and rigorous product development process.

But what is the significance of CCRA recognition?

Here we will explain the importance of the Common Criteria Recognition Arrangement.

What Are the Objectives of CCRA?

CCRA participants share the following four objectives:

  1. Ensuring that the performance of evaluations for Information Technology (IT) products and protection profiles meet strict and consistent standards that are recognized for their significant contribution to promoting confidence in the security of those products and profiles.
  2. Improving access to evaluated, security-enhanced IT products, and protection profiles.
  3. Eliminating the burden of duplicate evaluations of IT products and protection profiles.
  4. Continuous improvement of efficiency and cost-effectiveness of evaluation and certification/validation process for IT products and protection profiles.

Who Belongs to CCRA?

The CCRA has a Management Committee that is made up of senior representatives from each signatory’s country (as listed below). The Committee was established to implement the Arrangement and provide guidance to the respective national schemes conducting evaluation and validation activities.

Current CCR members include:

  • Australia - Australasian Certification Authority (ACA)
  • Canada - Canadian Common Criteria Scheme
  • France - Agence Nationale de la Sécruité des Systèmes d’Information (ANSSI)
  • Germany - Bundesamt für Sicherheit in der Informatinstechnik
  • India - Indian Common Criteria Certification Scheme (IC3S)
  • Italy - OCSI – Organismo di Certificazione della Sicurezza Informatica
  • Japan - JISEC – Japan IT Security Evaluation and Certification Scheme
  • Malaysia - CyberSecurity Malaysia
  • Netherlands - NSCIB operated by TÜV Rheinland Nederland B.V.
  • New Zealand – Australasian Certification Authority (ACA)
  • Norway – SERTIT
  • Republic of Korea – IT Security Certification Center (ITSCC)
  • Singapore – Cyber Security Agency of Singapore
  • Spain – Organismo de Certficaci?n de la Seguridad de las Technolgias de la Informaci?n
  • Sweden – Swedish Certification Body for IT Security FMV/CSEC
  • Turkey – TSE (Turkish Standards Institution) Common Criteria Certification Scheme
  • United States – National Information Assurance Partnership
  • Austria – Federal Chancellery of Austria
  • Czech Republic – National Security Authority of the Czech Republic
  • Denmark – Center for Cyber Security
  • Ethiopia – Information Network Security Agency (INSA)
  • Finland – Finnish Transport and Communications Agency (Traficom)
  • Greece – National Intelligence Service
  • Hungary – Ministry of National Development
  • Indonesia – Badan Siber & Sandi Negara (National Cyber & Crypto Agency) Indonesia
  • Israel – The Standards Institution of Israel
  • Pakistan – Ministry of Defence
  • Poland – Ministerstwo Cyfryzacji (Ministry of Digital Affairs) Departament Cyberbezpieczenstwa (Department of Cybersecurity)
  • Qatar – Ministry of Transport and Communication
  • Slovak Republic – National Security Authority of the Slovak Republic
  • United Kingdom - UK IT Security Evaluation and Certification Scheme

What is the Purpose of the Arrangement?

Read White PaperThe purpose of CCRA is to advance the aforementioned objectives by creating an environment where IT products and protection profiles that earn a Common Criteria certificate can be obtained or used without any further evaluation required.

It works to establish a basis for confidence in the reliability of the judgements used for granting the original certificate by requiring that a Certification/Validation Body (CB) that issues Common Criteria certificates must meet high and consistent standards.

In relation to Qualified Electronic Signatures, the CCRA is a prerequisite for international acceptance of the QSCD certification in a defined legal frameset. It is hence of strong value for banks and institutions with an international focus.

 

Read White Paper

References

Want to know how we can help ?

Get in touch to better understand how our solutions secure ecommerce and billions of transactions worldwide.