
JISEC-Assurance Continuity

Last Updated: Mar 24, 2025

1 What is Assurance Continuity?

Assurance continuity is the paradigm that defines maintenance and re-assessment, and that recognizes the previous evaluation so that its applicable results can be reused when a certified TOE or its environment is changed.

Maintenance is the approval of maintaining the certification of an IT product, etc., including changes to the certified IT product, etc., or to its development environment, in the case that the changes have been confirmed to have only a small impact on security.

Re-assessment covers the case where the certified TOE has not been changed, but changes in the attack landscape need to be assessed to check whether the TOE still reaches the same level of resistance as initially certified.

2 Maintenance

2.1 What is Maintenance?

Maintenance is the mechanism by which certification can be maintained when a certified product is upgraded through bug fixes or manual amendments, provided it can be confirmed that the changes do not impact the evaluated security functions.

Maintenance recognizes that as changes are made to a certified TOE or its environment, evaluation work previously performed need not be repeated in all circumstances. Maintenance therefore defines an approach to minimizing redundancy in IT Security evaluation, allowing a determination to be made as to whether independent evaluator actions need to be re-performed. As a result, Maintenance enables developers to provide assured products to the IT consumer in a timely and efficient manner.

The developer should report in an Impact Analysis Report that one or more changes to the TOE do not impact the assured level of security at all. This requires a sufficient inspection with a technical background.

If maintenance is repeated several times, please confirm that there is no impact not only in the difference from the last changed TOE but also in the total change from the initially certified TOE.

The application deadline for maintenance is three months prior to the date of certificate expiry of the TOE.

The developer can only submit an Impact Analysis Report to the same Evaluation Facility under which the original evaluation was conducted.

2.2 Judgment of Maintenance

"Changes" made to a certified TOE subject to maintenance are not intended to apply to new products and functions derived from the certified TOE. Within the scope of security functional specifications that had been evaluated for the certified TOE, only those "changes," for which, without requiring a third-party evaluation, developers (applicants) on their own responsibility can verify and claim that assurance will not be adversely affected, will be applicable for maintenance.

  • This could be, for example, within the scope of the security functions evaluated as the certified TOE:
    • the certified TOE with bug fixes or manual amendments;
    • addition of an operating environment when those changes do not influence the function of the TOE.

When the change does not obviously relate to the certified scope of the TOE, the changed TOE becomes subject to maintenance.

2.3 Preparation for applying for Maintenance

The applicant must prepare the following before applying:

(1) Creation of "Impact Analysis Report"

The applicant prepares an "Impact Analysis Report" to prove that the successor product does not affect the assurance level of the certified TOE.

Please write it following the chapter structure described in "Impact Analysis Report Preparation Guidance." Apart from the chapter structure, the form of the description is up to the applicant, and there is no fixed format.

(2) Preliminary review of "Impact Analysis Report"

The Certification Body confirms the validity of the maintenance before accepting the application.

The applicant requests that the Certification Body perform a preliminary review of the "Checklist for Maintenance Application" (Addendum to the Impact Analysis Report Preparation Guidance) and the "Impact Analysis Report."

When requesting a preliminary review, please send those documents, together with the certification number, to the JISEC e-mail address.

2.4 Application for Maintenance

Please apply according to the guidance for application if the validity of the maintenance is confirmed by the preliminary review. Documents necessary for application are as follows.

  1. "Application for Maintenance" (CCM-02-A Form 2)
    • Please describe the overview of the changes to the TOE.
    • The person responsible for the application affixes a name with signature or digital signature using a digital certificate (with applicant’s organization name).
    • In the case that it is necessary to delegate the privileges of the person responsible for the application or the person in charge of the application to an agent, please submit a "letter of authorization" from the person responsible for the application.
  2. Impact Analysis Report: 1 copy, or electronic media

Guidance for application

2.5 Submission of Application for Maintenance

  • The Certification Body will inform the applicant of the reception number and reception date if the submitted documents described above are found to be sufficient and complete.

  • Please note that the applicant might have to resubmit the application documents within a specified time period, in the case that the submitted documents are insufficient.

3 Re-assessment

3.1 What is Re-assessment?

Re-assessment is a process by which a previously certified TOE is evaluated when various attack-related circumstances have changed since the initial certification of a TOE, and the vulnerability analysis of the initially certified product is updated to the same level as originally required.
In principle, re-assessment is performed by the same Evaluation Facility that performed the initial evaluation.
The deadline for a re-assessment application is three months prior to the certificate validity date of the relevant TOE, and there is no limit on the number of times you can apply.

3.2 Judgment of Re-assessment

When applying for a re-assessment, the applicant shall select either "publication" or "no publication" for the Re-assessment Report. Where the applicant selects "publication" and the re-assessment result is positive, the validity of the initial certificate will be updated.

In cases where the validity of the initial certificate is to be extended, the new certificate validity period will be five years from the date of completion of the re-assessment by default. A positive re-assessment result means that the relevant TOE has been confirmed as conforming to the vulnerability analysis components claimed in the Security Target at the time of initial certification.

Re-assessment result and Publication of the Re-assessment Report

| Re-assessment results | Publication of the re-assessment report | No publication of the re-assessment report |
|---|---|---|
| Positive | The validity of the initial certificate is extended | No change |
| Negative | The validity of the initial certificate is not changed. The AVA_VAN level reached by the re-assessed TOE shall be made public | The initial certificate is considered as no longer valid and moved to the archived certificates list |

3.3 Application for Re-assessment

The applicant shall apply in accordance with the following procedure and guidance.

  1. "Application for Re-assessment" (CCM-02-A Form 23)
    • The applicant shall select whether or not the Re-assessment Report is to be published on the JISEC Website. After the "Application for Re-assessment" has been submitted, the applicant cannot change the publication level from "no publication" to "publication."
  2. Document proving the corporate status
  3. "Written Oath" (CCM-02-A Form 3)
  4. The documentation that maintains the assurance of life-cycle support which is claimed in the ST
  5. "Evaluation Work Plan" (CCM-02-A Form 4)
  6. "Checklist for Impartiality and Independence of Evaluation" (CCM-02-A Form 5-1 (Evaluation Facility) and Form 5-2 (Evaluator))

3.4 Submission of Application for Re-assessment

The Certification Body will inform the applicant of the reception number and the reception date if the above submitted documents are found to be sufficient and complete. In the case that the submitted documents are insufficient, the Certification Body will instruct the applicant to submit the necessary documents within a specified time period.

Change log

  • Mar 24, 2025

    • Some contents have been revised.
  • Jan 22, 2024

    • The definition of Assurance Continuity has been changed.