• The assurance continuity is the mechanism that the certification can be maintained if it can be confirmed that the changes do not impact on the evaluated security functions though the certified product is upgraded by bug fixings, or manual amendments.

• Assurance Continuity recognises that as changes are made to a certified TOE or its environment, evaluation work previously performed need not be repeated in all circumstances. Assurance Continuity therefore defines an approach to minimising redundancy in IT Security evaluation, allowing a determination to be made as to whether independent evaluator actions need to be re-performed.

  As a result, Assurance Continuity enabled developers to provide assured products to the IT consumer in a timely and efficient manner.

• The developer should report that it doesn't impact the assured level of security at all by one or more changes to TOE recognized as an Impact Analysis Report. It is necessary to execute an enough inspection with a technical background for that.

• If the assurance continuity is repeated several times, please confirm there is no impact in not only the difference from the last changed TOE but also the change in total from the original TOE.

• Currently, the period for acceptance of assurance continuity is specified "within five years after taking the certification with CCV3.1" in JISEC. However the period is scheduled to be reviewed.

• A developer can only submit an Impact Analysis Report to the same evaluation facility under which the original evaluation was conducted.
  

• The working processes of Assurance Continuity is as follows;

• “Changes” made to a certified TOE subject to assurance continuity are not intended to apply to new products and functions derived from a certified TOE. Within the scope of security function specifications that had been evaluated for the certified TOE, only those “changes” for which, without requiring a third-party evaluation, developers (applicants) on their own responsibility can verify and claim that assurance will not be adversely affected will be applicable for assurance continuity.
  This could be, for example:

  Within the range of the security functions evaluated as the certified TOE;
  -	the certified TOE with bug fixings or manual amendments.
  -	addition of operating environment when those changes do not influence the function of TOE.

• When the change doesn't obviously relate to the certified range of TOE, the changed TOE becomes the object of the assurance continuity.

• Please apply according to the guidance for application if the validity of the assurance continuity is confirmed by the prior review. Necessary documents for application are as follows.

  1.	Application for Assurance Continuity (CCM-02-A Form 2)
  	Please describe the outline of the change of TOE that becomes an object is described. The person in charge of application must stamp or sign. When the authority has been entrusted by the person in charge of application, please append "Letter of attorney" of the person in charge of application. (The copy of "Letter of attorney" is available if the document submitted before is in validity term.)
  2.	Impact Analysis Report x 1pcs or Electronic media

• Please use application forms.
Forms to be downloaded (CCM-02-A)

Guidance for application

• Please refer to the following guidance;
Assurance Continuity: CCRA Requirements June 2012
Impact Analysis Report Version 1.1 February 2008

• If there is no incompleteness in the above-mentioned documents submitted to the certifying body, the receipt number and the acceptance day are informed to the applicant.
• Please note that you might have to resubmit the application form within the assigned timeframe, for reasons such as an incomplete form or a missing signature.

• JISEC Home