3 min read

Cryptomathic Signer's QSCD Gets Common Criteria Certification

Cryptomathic Signer's QSCD Gets Common Criteria Certification

Cryptomathic’s Signer is the only qualified (electronic) signature creation device (QSCD) that is certified under the SO-GIS agreement using the Common Criteria Recognition Arrangement (CCRA). Its security target conforms to the certified protection profile EN 419 241-2.

Download white paperWith the Common Criteria certification, Signer provides users with a best-in-class security with the highest level assurance regarding product resistance and rigorous product development processes.

Here we will explain the importance of the Common Criteria Recognition Arrangement.

What Are the Objectives of CCRA?

CCRA participants share the following four objectives:

  1. Ensuring that the performance of evaluations for Information Technology (IT) products and protection profiles meet strict and consistent standards that are recognized for their significant contribution to promoting confidence in the security of those products and profiles.
  2. Improving access to evaluated, security-enhanced IT products, and protection profiles.
  3. Eliminating the burden of duplicate evaluations of IT products and protection profiles.
  4. Continuous improvement of efficiency and cost-effectiveness of evaluation and certification/validation process for IT products and protection profiles.

Who Belongs to CCRA?

The CCRA has a Management Committee that is made up of senior representatives from each signatory’s country (listed below). The Committee was established to implement the arrangement and provide guidance to the respective national schemes conducting evaluation and validation activities.

Current CCR members include:

  • Australia - Australasian Certification Authority (ACA)
  • Canada - Canadian Common Criteria Scheme
  • France - Agence Nationale de la Sécruité des Systèmes d’Information (ANSSI)
  • Germany - Bundesamt für Sicherheit in der Informatinstechnik
  • India - Indian Common Criteria Certification Scheme (IC3S)
  • Italy - OCSI – Organismo di Certificazione della Sicurezza Informatica
  • Japan - JISEC – Japan IT Security Evaluation and Certification Scheme
  • Malaysia - CyberSecurity Malaysia
  • Netherlands - NSCIB operated by TÜV Rheinland Nederland B.V.
  • New Zealand – Australasian Certification Authority (ACA)
  • Norway – SERTIT
  • Republic of Korea – IT Security Certification Center (ITSCC)
  • Singapore – Cyber Security Agency of Singapore
  • Spain – Organismo de Certficaci?n de la Seguridad de las Technolgias de la Informaci?n
  • Sweden – Swedish Certification Body for IT Security FMV/CSEC
  • Turkey – TSE (Turkish Standards Institution) Common Criteria Certification Scheme
  • United States – National Information Assurance Partnership
  • Austria – Federal Chancellery of Austria
  • Czech Republic – National Security Authority of the Czech Republic
  • Denmark – Center for Cyber Security
  • Ethiopia – Information Network Security Agency (INSA)
  • Finland – Finnish Transport and Communications Agency (Traficom)
  • Greece – National Intelligence Service
  • Hungary – Ministry of National Development
  • Indonesia – Badan Siber & Sandi Negara (National Cyber & Crypto Agency) Indonesia
  • Israel – The Standards Institution of Israel
  • Pakistan – Ministry of Defence
  • Poland – Ministerstwo Cyfryzacji (Ministry of Digital Affairs) Departament Cyberbezpieczenstwa (Department of Cybersecurity)
  • Qatar – Ministry of Transport and Communication
  • Slovak Republic – National Security Authority of the Slovak Republic
  • United Kingdom - UK IT Security Evaluation and Certification Scheme

What is the Purpose of the Arrangement?

 Selected Signing ServicesThe purpose of CCRA is to advance the above objectives by creating an environment where IT products and protection profiles that earn a Common Criteria certificate can be used without any further evaluation required.

It works to establish a basis for confidence in the reliability of the judgements used for granting the original certificate by requiring that a Certification/Validation Body (CB) that issues Common Criteria certificates must meet high and consistent standards.

In relation to Qualified Electronic Signatures, the CCRA is a prerequisite for international acceptance of the QSCD certification in a defined legal frameset. It is hence of strong value for banks and institutions with an international focus.


Read White Paper