HOME >> IT Security >> JISEC Home >> Scheme Documentation

IT Security

Scheme Documentation

Last Updated 2019-05-07

Scheme documentation is regularly revised by JISEC.
Note that the latest versions of the forms should be used (CCM-02-A, CCM-03-A).
It is important to understand the contents of the latest Scheme documentation for your application procedures.

IT Security Evaluation and Certification Scheme Documentation

The following documents explain the Scheme Document, Organization and Operational Manual, Requirements for the applicant, Guidance on application procedures and Operating procedures in this Scheme.

For all relevant parties under this Scheme

Document / Overview	CCS-01 IT Security Evaluation and Certification Scheme Document (374KB) Updated 2018-07-01 This Scheme Document prescribes "IT Security Evaluation and Certification Scheme" and basic matters related to this Scheme that need to be complied with by suppliers and users of IT products and systems as well as personnel engaged in the operation of this Scheme.
Contents	Purpose of the Scheme Definition of Terms Structure of the Scheme Overview of Evaluation and Certification Overview of Evaluation and ST Confirmation Rights and Obligations of Applicants Suspension or Revocation of Certification and ST Confirmation Miscellaneous Provisions

For applicants, Evaluation Facility

Document / Overview	CCM-02 Requirements for IT Security Certification (479KB) Updated 2018-09-13 The purpose of the Requirements is to prescribe the matters that applicants must comply with when making a certification application and maintain its certification.
CCM-02-A Guidance on IT Security Certification (565KB) Updated 2018-09-13 Forms and sample forms for CCM-02-A can be obtained from "Forms to be downloaded (for Certification Application)." This Guidance explains the necessary procedures that applicants conduct to acquire and maintain certification under IT Security Evaluation and Certification Scheme.
Contents	Certification Application Preparations Procedures for a Certification Application and Corrections during Application Overview of Evaluation and Certification Assurance Continuity Suspensions and Revocations of Certification Miscellaneous Procedures after Acquiring Certification Succession of Certification Handling Complaints about a Certified Product Use for the "Certification Mark"

Document
/ Overview

CCM-02

Requirements for IT Security Certification pdf

(479KB)

Updated 2018-09-13

The purpose of the Requirements is to prescribe the matters that applicants must comply with when making a certification application and maintain its certification.

CCM-02-A

Guidance on IT Security Certification pdf

(565KB)

Updated 2018-09-13

Forms and sample forms for CCM-02-A can be obtained from "Forms to be downloaded (for Certification Application)."

This Guidance explains the necessary procedures that applicants conduct to acquire and maintain certification under IT Security Evaluation and Certification Scheme.

Contents

Certification Application Preparations
Procedures for a Certification Application and Corrections during Application
Overview of Evaluation and Certification
Assurance Continuity
Suspensions and Revocations of Certification
Miscellaneous Procedures after Acquiring Certification
Succession of Certification
Handling Complaints about a Certified Product
Use for the "Certification Mark"

For Evaluation Facility

Document / Overview	CCM-03 Requirements for Approval of IT Security Evaluation Facility (230KB) Updated 2018-09-13 The Requirements for Evaluation Facility prescribe the necessary matters for Evaluation Facilities to obtain approval from the Certification Body as well as the necessary matters for Evaluation Facilities that have obtained approval to maintain the approval under IT Security Evaluation and Certification Scheme.
CCM-03-A Guidance on Approval of IT Security Evaluation Facility (400KB) Updated 2018-09-13 Forms and sample forms for CCM-03-A can be obtained from "Forms to be downloaded (for Evaluation Facility)." This Guidance explains the procedures that Evaluation Facilities shall take to apply for obtaining approval and to maintain the approval under IT Security Evaluation and Certification Scheme.
Contents	Approval of Evaluation Facility Approval of Evaluator Qualification

Document
/ Overview

CCM-03

Requirements for Approval of IT Security Evaluation Facility pdf

(230KB)

Updated 2018-09-13

The Requirements for Evaluation Facility prescribe the necessary matters for Evaluation Facilities to obtain approval from the Certification Body as well as the necessary matters for Evaluation Facilities that have obtained approval to maintain the approval under IT Security Evaluation and Certification Scheme.

CCM-03-A

Guidance on Approval of IT Security Evaluation Facility pdf

(400KB)

Updated 2018-09-13

Forms and sample forms for CCM-03-A can be obtained from "Forms to be downloaded (for Evaluation Facility)."

This Guidance explains the procedures that Evaluation Facilities shall take to apply for obtaining approval and to maintain the approval under IT Security Evaluation and Certification Scheme.

Contents

Approval of Evaluation Facility
Approval of Evaluator Qualification

For Certification Body

Document / Overview	CCM-01 Organization and Operational Manual for IT Security Certification Body (527KB) Updated 2018-09-13 This Operational Manual prescribes policies and procedures for operating organization and certification services as the Certification Body under the IT Security Evaluation and Certification Scheme in accordance with ISO/IEC 17065 "Conformity assessment-Requirements for bodies certifying products, processes and services (JIS Q 17065)."
Contents	Matters that Need to be Complied with by Personnel Engaged in the Operation of Certification Services Advisory boards for the operation of certification services (Management Committee, Technical Committee, Certification Committee, and Hardware Certification Committee) Certification Services ST Confirmation Services Internal Audit

Document
/ Overview

CCM-01

Organization and Operational Manual for IT Security Certification Body pdf

(527KB)

Updated 2018-09-13

This Operational Manual prescribes policies and procedures for operating organization and certification services as the Certification Body under the IT Security Evaluation and Certification Scheme in accordance with ISO/IEC 17065 "Conformity assessment-Requirements for bodies certifying products, processes and services (JIS Q 17065)."

Contents

Matters that Need to be Complied with by Personnel Engaged in the Operation of Certification Services
Advisory boards for the operation of certification services (Management Committee, Technical Committee, Certification Committee, and Hardware Certification Committee)
Certification Services
ST Confirmation Services
Internal Audit

Document / Overview	CCM-01-A Operating Procedure for IT Security Certification Services (571KB) Updated 2018-09-13 This Operating Procedure prescribes the necessary operating procedure for services of certification and ST confirmation as the Certification Body under the Japan IT Security Evaluation and Certification Scheme.
Contents	Handling services for Reception and Acceptance of Certification Application / Certification / Assurance Continuity / Changing Records Suspension or Revocation of Certification and ST Confirmation Preparation and Publication of Standards and Guidance, etc. Internal Audit / Document Management

Document / Overview	CCM-01-B Operating Procedure for Approval of IT Security Evaluation Facility (265KB) Updated 2018-09-13 This Operating Procedure prescribes the necessary operating procedure to approve Evaluation Facilities and Evaluator Qualification as the Certification Body under the IT Security Evaluation and Certification Scheme.
Contents	Operating Procedure for Reception and Acceptance of Application Operating Procedure for Approval of Evaluator Qualification and Changes Operating Procedure for Approval of IT Security Evaluation Facility and Changes

Document / Overview	CCM-01-C Operating Procedure for Personnel Management of IT Security Certification Body (260KB) Updated 2018-07-01 This Operating Procedure prescribes the personnel and committees that are required for the operation of the IT Security Evaluation and Certification Scheme as the Certification Body.
Contents	Appointment of a Technical Manager, etc. Qualification Standards, Procedure for Registration, Management, Education and Training Programs of Certifiers, and Committees

Procedures for Certification Application and Relevant Documents

The following procedures explain the items needed for the certification application. The applicants are required to understand and follow the notes and instructions below when submitting application forms.

Addendum Information for the Scheme (188KB)
Guideline for Determining the TOE in Certification Applications that Do Not Use PPs (Version 2.0) (154KB)
Guideline for Certification Application with HCD-PP Conformance
(Version 1.5) (334KB)
-Old Version
· Version 1.4 (494KB)

Contact

For further inquiries on the Scheme Documentation, please contact to the following:

JISEC Administrative staff, IT Security Center,
Information-technology Promotion Agency, Japan
TEL: +81-3-5978-7538 FAX: +81-3-5978-7548
E-mail:

The Previous Scheme Documentation

The previous version of the Scheme Documentation published before September 2018 is as follows.

The Previous Scheme Documentation

JISEC Home

Top Page