HOME >> IT Security >> JISEC Home >> Hardware Evaluation and Certification>>Scheme Documentation (Hardware)

Scheme Documentation (Hardware)

Last Updated 2016-04-01

Scheme documentation is regularly revised.
Note that the latest versions of the forms should be used (CCM-02-AH, CCM-03-AH).

IT Security Evaluation and Certification Scheme Documentation (Hardware)

The following documents explain the Scheme Document, Organization and Operational Manual, Requirements for the applicant, Guidance on application procedures and Operating procedures in this Scheme.
Note that the following are Scheme documents in which the product area is "hardware (smart cards, etc.)." In the case that the product area is "software," refer to the "Basics" page on the Web.


icon For all relevant parties under this Scheme

Document
/ Overview
CCS-01
IT Security Evaluation and Certification Scheme Document pdf (363KB)
Updated 2015-06-01

This Scheme Document prescribes "IT Security Evaluation and Certification Scheme" and basic matters related to this Scheme that need to be complied with by suppliers and users of IT products and systems as well as personnel engaged in the operation of this Scheme.
Contents
  • Purpose of the Scheme
  • Definition of Terms
  • Structure of the Scheme
  • Overview of Evaluation and Certification
  • Overview of Evaluation and ST Confirmation
  • Rights and Obligations of Applicants
  • Suspension or Revocation of Certification and ST Confirmation
  • Miscellaneous Provisions

icon For applicant, Evaluation Facility

Document
/ Overview
CCM-02
Updated 2015-06-01

The purpose of the Requirements is to prescribe the matters that applicants must comply with when making a certification application and maintain its certification.
CCM-02-AH
Updated 2015-06-01

Forms and sample forms for CCM-02-A can be obtained from "Forms to be downloaded (for Certification Application)."

The Guidance specifically prescribes the procedures for applicants to apply for certification of target of evaluation in which the product area is "hardware (smart cards, etc.)." This Guidance shall be used in conjunction with the "Guidance on IT Security Certification (Basics) (CCM-02-A)."
Contents
  • Certification Application Preparations
  • Procedures for a Certification Application and Corrections during Application
  • Overview of Evaluation and Certification
  • Assurance Continuity
  • Suspensions and Revocations of Certification
  • Miscellaneous Procedures after Acquiring Certification
  • Succession of Certification
  • Handling Complaints about a Certified Product
  • Use for the "Certification Mark"

icon For Evaluation Facility

Document
/ Overview
CCM-03
Updated 2015-06-01

The Requirements for Evaluation Facility prescribe the necessary matters for Evaluation Facilities to obtain approval from the Certification Body as well as the necessary matters for Evaluation Facilities that have obtained approval to maintain the approval under IT Security Evaluation and Certification Scheme.
CCM-03-AH
Updated 2015-06-01

Forms and sample forms for CCM-03-A can be obtained from "Forms to be downloaded (for Evaluation Facility)."

This Guidance specifically prescribes the procedures for Evaluation Facilities to apply for approval in which the product area is "hardware (smart cards, etc.)." This Guidance shall be used in conjunction with the "Guidance on Approval of IT Security Evaluation Facility (Basics) (CCM-03-A)."
Contents
  • Approval of Evaluation Facility
  • Approval of Evaluator Qualification

icon For Certification Body

Document
/ Overview
CCM-01
Updated 2015-06-01

This Operational Manual prescribes policies and procedures for operating organization and certification services as the Certification Body under the IT Security Evaluation and Certification Scheme in accordance with ISO/IEC 17065 "Conformity assessment-Requirements for bodies certifying products, processes and services (JIS Q 17065)."
Contents
  • Matters that Need to be Complied with by Personnel Engaged in the Operation of Certification Services
  • Advisory boards for the operation of certification services (Management Committee, Technical Committee, Certification Committee, and Hardware Certification Committee)
  • Certification Services
  • ST Confirmation Services
  • Internal Audit
Document
/ Overview
CCM-01-AH
Updated 2015-06-01

This Operating Procedure specifically prescribes the necessary operating procedure for certification in which the product area is "hardware (smart cards, etc.)." This Operating Procedure shall be used in conjunction with the "Operating Procedure for IT Security Certification Services (Basics) (CCM-01-A)."
Contents
  • Handling Services for Reception and Acceptance of Certification Application / Certification / Assurance Continuity / Changing Records
  • Suspension or Revocation of Certification and ST confirmation
  • Preparation and Publication of Standards and Guidance, etc.
  • Internal Audit / Document Management
Document
/ Overview
CCM-01-BH
Updated 2015 06-01

This Operating Procedure specifically prescribes an operating procedure for certification in which the product area is "hardware (smart cards, etc.)." This Operating Procedure shall be used in conjunction with the “Operating Procedure for Approval of IT Security Evaluation Facility (Basics) (CCM-01-B)."
Contents
  • Operating Procedure for Reception and Acceptance of Application
  • Operating Procedure for Approval of Evaluator Qualification and Changes
  • Operating Procedure for Approval of IT Security Evaluation Facility and Changes
Document
/ Overview
CCM-01-C
Updated 2016 04-01

This Operating Procedure prescribes the personnel and committees that are required for the operation of the IT Security Evaluation and Certification Scheme as the Certification Body.
Contents
  • Appointment of a Technical Manager, etc.
  • Qualification Standards, Procedure for Registration, Management, Education and Training Programs of Certifiers, and Committees

icon Procedures for Certification Application and Relevant Documents

The following procedures explain the items needed for the certification application. The applicants are required to understand and follow the notes and instructions below when submitting application forms.

Addendum Information for the Scheme pdf (188KB)

Guideline for Determining the TOE in Certification Applications that Do Not Use PPs(Version 2.0) pdf (154KB)

Contact

For further inquiries on the Scheme Documentation, please contact to the following:

JISEC Hardware Team, IT Security Center,
Information-technology Promotion Agency, Japan
TEL: +81-3-5978-7545 FAX: +81-3-5978-7548
E-mail: jisec address