Eurosmart: The Voice of The Smart Card Industry

ISCI proposal - International Security Certification Initiative

History of the initiative

eEurope Smart Cards technical group on Certification of security, Trailblazer 3 was led by Eurosmart during 2 years (2000-2002) and started to define certification methods. ISCI will continue developing the deliverables achieved.

Participants

Eurosmart members
Certification Bodies
Accredited Laboratories
Research Institutes
Japanese industry is invited

Why such a project - background

Interpretation of concept - Security of information, communication and transactional (ICT) systems is not an abstract concept. The definition, evaluation and results can be completely different from one country to another, from one issuer to another.

Need to allow a full comparability between security certification procedures, ensuring mutual recognition between countries, and optimising time and costs for suppliers of secure ICT products and systems.

Objectives of ISCI

The goal of the ISCI initiative is to define, support and promote a universal framework for security evaluation and certification methods, tools and procedures, based on internationally accepted standards. The coordination activities of ISCI will consist in:

- managing convergence of industry (supplying and issuing sides) and administration towards common references and best practices for security evaluation and certification of ICT systems

- promoting the Common Criteria Standard as the major reference for evaluation methods and tools and providing contributions for best practices in CC implementation

- supporting mutual recognition of security certificates at an international level

- networking accredited evaluation labs and harmonising protocols for their accreditation

- specifying re-usability of methods, tools and procedures defined in ISCI to any type of ICT product and extending security evaluation to a full system level

- providing the European institutions and member state governments with a framework for discussion on legal, technical and trade issues related to security certification, referring to the strategy defined by the European institutions in the e-Europe 2005 initiative, and according to the existing European Council resolutions.

Expected results

Common and fully interoperable evaluation and certification will set the global framework for mutual certificate recognition and common procedures for accreditation of structures in charge of security evaluation.