CCV3.0 –how this effects Smart Card evaluations

Abstract:

Information Security Certification Initiative (ISCI) gathers Smart Card industry actors as Hardware and software Smart Card Manufacturers, Smart Card Issuers, Evaluation Laboratories and Certification Bodies.
This organization aims to promote CC evaluation, providing methodology and guidance for CC evaluation in the Smart Card industry, targeting evaluation process simplification and cost reduction.

In this organization Working Group 1 (WG1) is in charge of Methodology and Evaluation Criteria.
Since the beginning of 2004, ICSI-WG1 work was focused on the monitoring of the CC V3.0.

The purpose is to present Smart card Industry's view on the CCV3.0 project:

- An overview of the Smart card Industry CC V2.1/V2.2 evaluation experience:

- Strong commitment to CC
- Existing Protection Profiles issued for Smart Cards evaluation
- JIL guidance issued for Smart Cards evaluation

- How CCV3.0 will affect Smart Cards evaluation:

- Review of part 2 and Part 3 changes that were discussed & commented during ISCI-WG1 workshops,
- Focus on Part3 ADV and AVA classes
- Foreseen impact on evaluation cost and duration

- What is needed to use CCV3.0 for Smart Card evaluation:

- Translation/updating of related documents
- Need a transition phase that will raise some issues as the re-use of CCV2.1 results or the composition possibilities between evaluated hardware with CC V2.1 and Software with CC V3.0