Common Criteria Recognition Arrangement

1. Common Criteria Recognition Arrangement 8th ICCC Rome, 25th September 2007 Report by the MC Chairman Gen. Luigi Palagiano

2. Introduction The diffusion of IT systems and networks empowers the international and national exchange of information But, at the same time …. The growing connectivity among secure and insecure networks creates new opportunities for unauthorized intrusions into sensitive networks and computer systems.

3. Terrorists, drugs trafficker and criminal organisations will take advantage of the new high speed information technologies supporting their illegal activities

4. System & Network complexity The complexity of systems and computer networks is growing faster than the ability to understand and protect them by identifying critical nodes, verifying security, and monitoring activity and intrusion attempts. 

5. Systems / Networks Threats • Capture data related to industrial, military or national security; • Destroy or control information systems which are for critical infrastructures (for example: airports) • Information alteration

6. Definition of IT Security • Security can be defined as: • “Getting rid of any unacceptable risk". • The risks relate the following categories of losses: • Confidentiality of Information • Integrity of Data and system related assets • Availability of Data and Service

7. Confidentiality Assurance that information is shared only among authorized persons or organisations. Breaches of Confidentiality can occur when data is not handled in a manner adequate to safeguard the confidentiality of the information concerned.

8. Integrity Assurance that the information is authentic and complete. Ensuring that information can be relied upon to be sufficiently accurate for its purpose. Assuring information will not be accidentally or maliciously altered or destroyed.

9. Availability Ensuring that information and service is available to authorized users, when needed.

10. History of Common Criteria TCSEC (USA) 1983 - 1985 Canada, first initiative 1989 - 1993 NIST - MSFR 1990 National and Regional European Initiatives, 1989 – 1993 CTCPEC 3 1993 Federal Criteria 1992 ITSEC 1992 Common Criteria Project, 1993 ISO Initiatives 1992 Common Criteria ver. 1.0, 1996 Common Criteria ver. 2.0, 1998 ISO 15408 08/06/1999

11. History of Common Criteria 8th June 1999 CC is approved as International Standard ISO 15408

12. Nations taking part to the Common Criteria Recognition Arrangement Australia Canada Finland France Germany Greece Israel Italy Netherlands New Zealand Norway Spain United Kingdom U.S.A.

13. (14) Australia, Canada, Finland, France, Germany, Greece, Israel, Italy, Netherland, New Zealand, Norway, Great Britain, Spain, U.S.A. Participant nations (2) (2) (2) (2) (2) (1) Czech Republic, Japan Korea, Denmark Austria, Sweden Hungary, Turkey India, Singapore Malaysia 2000 2002 2003 2004 2005 2006 2007 Year Common Criteria participant Nations

14. Variations during 2007 year • New Entrant • Malaysia • Status change • Sweden • Singapore • Interested in adhesion to CCRA • Tunisia • Belgium

15. How are Countries divided ? • Certificate Authorizing Participants • Australia - New Zealand, Canada, France, Germany , Japan, Korea, Netherland, Norway, Spain, Sweden(*), UK, USA. • Certificate Consuming Participants • Austria, Czech Republic, Denmark , Finland, Greece, Hungary, Israel, Italy, India, Malaysia, Singapore, Turkey. (*) shadow certification in progress