- Revision of ISO/IEC 15408-1:2022
Cybersecurity/Network and Information security
- Upgrading prEN 18037 to final stage
Cybersecurity/Network and Information security
A unified approach to developing cybersecurity certification schemes, together with the possibility of reusing evaluation results produced under different certification schemes, would be a dominant factor in reducing the cost and workload of certifying composite products or services. This could, at least partly, remove the financial barriers that keep SMEs out of the certification market.
The societal impact, measured as increased confidence in certification as a powerful cybersecurity tool, would be real.
- Revision of ISO/IEC 15408:2022 (all parts) and ISO/IEC 18045:2022
Cybersecurity/Network and Information security
The resulting study, in the form of PWI 25543, aims to keep the reference standards state-of-the-art documents that cope with emerging and future technologies in cybersecurity certification. The goal set out in the plan is strongly supported by sound standards with an appropriate scope of application. In this way assessments can be repeatable and comparable, creating the basis for wide recognition of results, which usually take the form of certificates respected by all EU Member States.
- Improving presentation and quality of Terminology for EN-ISO/IEC 15408 series and EN-ISO/IEC 18045
Cybersecurity/Network and Information security
Gaining customer confidence that they are using secure and safe ICT products is the objective of security assessment. Given the technical complexity of cybersecurity evaluation, these processes should rely on robust and mature standards. Customers and risk owners do not need to know all the details of such an evaluation, but they should have solid grounds to trust its results, which are usually expressed as certificates. The Common Criteria provide highly sophisticated tools for gaining confidence that security controls in ICT products are correctly and sufficiently implemented under the principles of "cybersecurity by design and by default", and for establishing the grounds of their resilience against cyberattacks that may occur in the future.
- Improving presentation and quality of Terminology for EN-ISO/IEC 15408 and EN-ISO/IEC 18045 (2nd)
Cybersecurity/Network and Information security
Complete and internally consistent terminology is the basis for a common understanding and broad implementation of the standards. ISO/IEC 15408 (all parts) and ISO/IEC 18045 are the reference standards for the first European cybersecurity certification scheme, EUCC. The growing need for cybersecurity certification results from the implementation of several EU legal acts such as the CSA, CRA, AI Act and NIS2 Directive. Certification could have a positive impact on growing confidence in cybersecurity among EU citizens and businesses, including SMEs.
Title & Organisation Name: Project Leader, National Institute of Telecommunications
Country: Poland

