
Arrangement on the Recognition of Common Criteria Certificates in the field of Information Technology Security.

The Arrangement on the Recognition of Common Criteria Certificates in the field of Information Technology Security (known by its English acronym, CCRA) specifies the requirements to be met by Common Criteria certificates, by Certification Bodies and by information technology security Evaluation Facilities.

The Arrangement is based on the premise that the use of information technology (IT) products and systems whose security has been certified is one of the main safeguards for protecting information and the systems that handle it.

The certificates are issued by security certification bodies and granted to IT products or systems (or protection profiles) that have been successfully evaluated by evaluation facilities in accordance with Common Criteria (standard ISO/IEC 15408). In Spain, certificates are issued by the Certification Body of the National Scheme for the Evaluation and Certification of Information Technology Security.

The current version of the Arrangement was ratified and published on 8 September 2014 by 26 countries, including Spain; on Spain's behalf, the ratification was carried out jointly by the National Cryptologic Centre and the Secretariat of State for Public Administrations. The 26 signatory countries are: Germany, Australia, Austria, Canada, United States, Denmark, Spain, Finland, France, Greece, Hungary, India, Israel, Italy, Japan, Malaysia, Netherlands, New Zealand, Norway, Pakistan, United Kingdom, Czech Republic, Republic of Korea, Singapore, Sweden and Turkey.

This new version of the Arrangement seeks to make it easier for the results of IT security product evaluations to be reasonable, comparable, reproducible and efficient. It also promotes better public-private collaboration through the establishment of international Technical Communities (iTCs) and the definition of security functional requirements through collaborative Protection Profiles (cPPs) applicable to products such as USB devices, firewalls, disk encryptors, etc.

Among the beneficiaries of the Arrangement are:

  • Public administrations, which can use it to establish the foundations for the security of information and of the IT infrastructures that handle it.
  • The industry in the sector, which finds wider markets for IT products and systems that carry the added value of the certificate.
  • Consumers (individuals, companies and public administrations), who have a wider range of products and systems certified as secure to protect their information and services.

The Arrangement is of particular interest for the National Security Scheme (Royal Decree 3/2010, of 8 January), which stipulates the following in connection with the acquisition of security products:

  • security certification is to be valued positively when public administrations acquire products (art. 18.1);
  • the role of the national Certification Body is recognised (art. 18.3);
  • it sets out how the use of products whose security has been certified contributes to meeting security requirements proportionately, within the security measures for the adequate protection of information (Annex II);
  • a model clause for technical specification documents is included (Royal Decree 3/2010, Annex V).

Background

The first Arrangement was ratified on 23 May 2000, in Baltimore (Maryland, United States), by Germany, Australia, Canada, Spain, United States, Finland, France, Greece, Italy, Norway, New Zealand, Netherlands and United Kingdom. Other countries joined later. The Ministry of Public Administrations signed that Arrangement on behalf of the Kingdom of Spain.

As of 17 August 2006, Spain changed its status in the Arrangement and became a participant accredited to issue information technology security certificates.

The forerunner of the Arrangement was the Agreement on Mutual Recognition of Information Technology Security Evaluation Certificates, whose geographical scope was initially limited to European countries and whose reference standard was at first ITSEC, to which Common Criteria was later added.

General access point