Studies and in-depth analysis aimed at providing technical guidelines to ITSEFs in order to:
- harmonize the application of the ISO 15408 standard (mainly focusing on functional testing activities and on tools for automating the vulnerability analysis of ICT products),
- increase the significance of the assurance provided by security certificates, and
- help OCSI maintain its status as a Certificate Authorizing member in the SOGIS and CCRA MRAs.
The project supports OCSI in updating and maintaining the competences needed to perform ISO 15408 evaluation activities effectively and efficiently and, as a consequence, in supporting the needs of end users of certificates, Public Administrations and product developers. The contribution to international activities also supports OCSI in maintaining a primary, active role in the new EU security certification framework to be finalized in the updated ENISA Regulation.
Independently of the specific needs of the certification processes currently in progress in the Italian scheme coordinated by OCSI (the Italian CB), the project will perform studies and technical analyses on security function testing and on tools to be adopted for the automated vulnerability analysis of devices with widely used software architectures.
OCSI will be supported in its international activities through active attendance at European and international meetings, in order to plan the technical updates that OCSI needs to adopt to align with the approaches of the other MRA members.
For each technical domain, specific requirements and technical security countermeasures to emerging vulnerabilities will be investigated so that OCSI's activities are harmonized with those of the Common Criteria schemes in other nations.
The project will also provide support to OCSI for the Voluntary Periodic Assessment (VPA) that will take place in the first quarter of 2020, in order to maintain its status as a Certificate Authorizing member in the international and European MRAs. Methodologies for evaluating the skills and competences of evaluators involved in ITSEF evaluation activities will be reviewed and updated so that they are also in line with the requirements defined in the new EU security certification framework and with the outputs of the ongoing ISO review of the ISO 15408 standard. New approaches to address the issues of assurance continuity, certificate validity and responsible vulnerability disclosure will also be considered.