Swedish Common Criteria National Scheme and an introduction to the Swedish Certification Body for IT Security, CSEC

Abstract:

SWEDISH COMMON CRITERIA NATIONAL SCHEME


SWEDAC is the Swedish signatory and member of the Common Criteria Recognition Arrangement, CCRA.

SWEDAC is a public authority under the Ministry for Foreign Affairs and Ministry of Trade, and is the national accreditation body, assessing the competence of laboratories, certification and inspection bodies, etc. SWEDAC is a member of EA (European co-operation for Accreditation) and of the corresponding international organizations ILAC (International Laboratory Accreditation Cooperation) and IAF (International Accreditation Forum). SWEDAC operates nationally and internationally to encourage the principles of harmonization for analysis, testing, calibration, certification and inspection in the interest of improved safety and encouragement of free trade.

SWEDAC is responsible for the National CC Scheme in Sweden.
The National CC Scheme in Sweden is built on the following:
An open scheme with accreditation of CBs and ITSEFs built on the Swedish law SFS 1992:119 and the Swedish Ordinance 1993:1065.
Specific requirements for accreditation of CBs in the area of Common Criteria are found in SWEDAC regulation STAFS 2003:3 (including EN 45011 and the requirements from Common Criteria).
Specific requirements for accreditation of ITSEFs in the area of Common Criteria are found in SWEDAC regulation STAFS 2003:2 (including EN 45011 and the requirements from Common Criteria).

Sweden has been a member of the CCRA since 2002. As signatory, SWEDAC is responsible for:
the administration of the CCRA regulations in Sweden (see above)
making information about certificates public
marketing of the CCRA scheme
information and education

 

AN INTRODUCTION TO THE SWEDISH CERTIFICATION BODY FOR IT SECURITY, CSEC


CSEC, an entity within the Swedish Defence Materiel Administration (FMV), has been appointed by the government to establish a national scheme for evaluation and certification of IT-security products according to the CCRA.

Within the scope of the Scheme, CSEC's responsibilities include:
To establish, operate and maintain an evaluation and certification scheme for the CSEC CB.
To license evaluation facilities according to the principles of the CCRA.
To give support, advice and training on the use of Common Criteria.
To publish a list of certified products and licensed ITSEFs.
To exercise supervision of the licensed evaluation facilities with regard to competence and methodology.
To exercise oversight of ongoing evaluation assignments and review evaluation reports.
To issue Common Criteria certificates.
To participate in international cooperation with the purpose of achieving international recognition of Swedish certificates and the continued improvement of the evaluation methodology.


This presentation will provide an overview of the organization and status of CSEC and the core processes of the Common Criteria Evaluation and Certification Scheme for CSRA.