• Necessity and Meaning of Information Technology Security Evaluation Based of International Standards

International Standard “ISO/IEC 15408 Information Technology Security Evaluation and Standard” is the technical standard to evaluate whether the information-technology-related products or systems are properly designed and whether the design is correctly implemented from the viewpoint of information security. ISO/IEC 15408 is based on the security evaluation standard developed by the Common Criteria (CC) project, which consists of seven organizations represented by six European countries and the United States. In June 1999, it was certified as ISO/IEC standard and in July 2000, subsequently accredited as JIS X 5070.
With the standard, security functions of IT products/systems can now be systematically evaluated from various viewpoints.

• Roles of IPA as the Certification Body

In April 2001, the Japanese Information Technology Security Evaluation and Certification Scheme (JISEC) was established with the purpose to evaluate security functions and quality in IT products/systems.
Various kinds of IT products/systems including data base management, Firewalls, Public Key Infrastructure (PKI), IT systems, IC cards, multiple functioned device, digital cameras, etc. Has been evaluated and certified under the scheme.
In addition, related information is published on the Web Page.*1
In October 2003, Japan became a participant to Common Criteria Recognition Arrangement (CCRA) which has been operated by 19 countries*2 , including European countries and the United States, to further enhance the international competitiveness of Japanese IT products.
In April 2004, IPA has started its operation as the Certification Body to conduct information security evaluation and certification schemes.

*1 :For further information, please visit http://www.ipa.go.jp/index-e.html and access to “Information Security Evaluation and Certification Scheme” on its top page.
*2 :As of August 2004

Click the figure to enlarge.