Crypto WG supporting documents

The SOG-IS Crypto WG is in charge of providing the SOG-IS MC with technical support for the establishment of a SOG-IS Crypto Evaluation Scheme, i.e. a set of requirements and evaluation procedures related to cryptographic aspects of Common Criteria security evaluations of IT products and mutually agreed by SOG-IS participants.

The document SOG-IS Crypto Evaluation Scheme Agreed Cryptographic Mechanisms is primarily addressed to evaluators and developers. Its purpose is to specify which cryptographic mechanisms are recognised agreed, i.e. ready to be be accepted by all SOG-IS participants. For each of the main types of symmetric and assymmetric cryptographic mechanisms, a table summarising the set of all the agreed mechanisms of that type is provided. A result of an evaluation performed under the SOG-IS Crypto Evaluation Scheme is that a user of the target of evaluation (TOE) can get the assurance that she only uses agreed cryptographic mechanisms. General and specific notes on how to implement/evaluate the various agreed cryptographic mechanisms correctly are also provided, as well as requirements related to key management.

Other aspects of the evaluation of cryptographic mechanisms under the SOG-IS Crypto Evaluation Scheme, e.g. conformance testing, implementation evaluation, checking the overall consistency of the security architecture and key management of the TOE with its security goals, etc. , will be addressed in separate supporting documents.

Title Comment Version Date
SOGIS Agreed Cryptographic Mechanisms Comments are to be forwarded to the editors of the document through the members of the JIWG group. This document will be regularly updated. 1.0 May 2016


JIWG supporting documents

The JIWG supporting documents listed in the following table support the evaluation of products at the general level. They are continuously monitored and updated by the JIWG. 

The JIWG also maintains supporting documents which are related to specific technical domains. Please refer to the details page for the SOG-IS Technical Domains for an overview.


Note on trial use documents: Objective of the trial use phase is to gain experience in the application of the requirements of supporting documents in the context of product evaluation.

The application of the documents for trial use is mandatory for the certification under the SOGIS-MRA for all products.

During the trial phase period it is expected that additional support from the CB in charge of the certification will be provided to interpret the trial-use document on case by case basis when problems with its applications arise. The interpretations that would have been identified during the trial use phase will be fed back to their editors in order to improve the documents in a next version.


General level CC supporting documents

Title Type Version Date
Collection of developer evidence Guidance 1.5 Jan. 2012

 

Smartcards and similar devices CC supporting documents

Title Type Version Date
Application of Attack Potential to Smartcards Mandatory 2.9 Jan. 2013
Application of CC to Integrated Circuits
Mandatory
3.0
Feb. 2009
Composite product evaluation for Smart Cards and similar devices
Mandatory
1.4
Aug. 2015
ETR for composite evaluation template
Guidance
1.1
Aug. 2015
Guidance for Smartcard evaluation
Guidance
2.0
Feb. 2010
Security Architecture requirements (ADV_ARC) for Smart Cards and similar devices
Mandatory
2.0
Jan. 2012
Security Architecture requirements (ADV_ARC) for Smart Cards and similar devices - Appendix 1
Guidance
2.0
Jan. 2012
Certification of "open" smart card products
For trial use
1.1
Feb. 2013
Requirements to perform Integrated Circuit Evaluations
Mandatory
1.1
Feb. 2013
Minimum site security requirements
For trial use
1.1
July 2013
Security requirements for post-delivery code loading
Guidance
1.0
Feb. 2016

 

Hardware devices with security boxes CC supporting documents

Title Type Version Date
Application of Attack Potential to Hardware Devices with Security Boxes
For trial use
2.0 Dec 2015

Point of Interaction (POIs)

Title Type Version Date
Application of Attack Potential to POIs
For trial use
1.0 Jun. 2011
CEM Refinements for POI Evaluation
For trial use 1.0
Jun. 2011

Digital Tachograph

Title Type Version Date
Security Evaluation and Certification of Digital Tachographs
Mandatory
1.12 Jan. 2003

 

ITSEC criteria and supporting documents

Title Type Version Date
Information Technology Security Evaluation Criteria (ITSEC)
-
1.2
Jun 1991
Information technology Security Evaluation Manual (ITSEM)
-
1.0
Sep. 1993
ITSEC Joint Interpretation Library (ITSEC JIL) Mandatory 2.0 Nov. 1998