Articles

ISCI- International Security Certification Initiative

History

ISCI was created as the continuity of the eEurope Smart Card technical group Trailblazer 3, which was led by Eurosmart during 2 years (2000-2002).


This group succeeded in bringing together experts from every aspect of smart cards security evaluation: certification authorities, evaluation laboratories, hardware vendors, software vendors, card vendors and service providers. The co-operation has been quite open and effective, resulting in recommendations endorsed by the European Certification Bodies and integrated as "supporting documents" in the standardized Common Criteria scheme.

 

ISCI Objectives

The goal of Information Security Certification Initiative is to define, support and promote security evaluation and certification methods, tools and procedures, based on internationally accepted standards for achieving a fully comparable and interoperable framework for smart security devices certification.


Besides standardization of evaluations, another goal of ISCI is to improve security evaluation time and cost.

Two groups have been created to fulfill these objectives :

- ISCI-WG1 with the mission of defining the methodology and best practices for smart security device evaluation.
- ISCI-WG2, (known as JHAS) with the mission of defining and maintaining the state of art of attack potential for the smart security devices.


Major smart security devices stakeholders are involved in these working groups

- Eurosmart members: hardware vendors, software vendors, smart card vendors and issuers.
- Certification Authorities (France, Germany, Netherlands, Spain, UK)
- Common Criteria European accredited laboratories and other experts in the field of smart security testing.

 

Achievements

Since its creation, ISCI brings its expertise for Common Criteria application to smart security Devices, providing major supporting documents which are released to day by the CCDB (Common Criteria Development Board) as mandatory or guidance document as:

- Application of Attack Potential to smart cards that specifies smart cards attacks ratings
- Composite Product Evaluation for smart cards and similar devices that defines how to perform an evaluation, combining an application (software) running on a certified platform (hardware).

(supporting documents can be downloaded from http://www.commoncriteriaportal.org/supdocs.html)

 

Another useful guidance, ‘Security Architecture requirements (ADV_ARC) for smart cards and similar devices' is available as trial for CC V3.1 evaluations and will be published soon.

 

icon_pdf Download ISCI ADV_ARC presentation at 10th ICCC (Norway)

Next steps

ISCI working groups continue to work on solutions for improving CC evaluation for smart security devices. Besides maintaining and updating existing guidance , the main themes addressed to day are:

- Definition of a test vehicle for laboratories accreditation (JHAS)

- Optimization of CC process : maximize re-use and minimize non value-add activities

 


icon_pdf Download ISCI presentations at 9th ICCC (Korea)

icon_pdf Download ISCI presentations at 10th ICCC (Norway)