To conduct studies and in-depth analysis with the aim of providing technical guidelines to ITSEF in order to:
- harmonize the application of the ISO 15408 standard (mainly focusing on functional testing activities and on tools for automating the vulnerability analysis of ICT products);
- increase the significance of the assurance provided by security certificates;
- contribute to enabling the OCSI to maintain the status of Certificate Authorising member in the SOGIS and CCRA MRAs.
The project supported the OCSI in updating and maintaining skills in performing ISO 15408 evaluation activities in an effective and efficient way and, as a consequence, supporting the needs of the end users of certificates, Public Administrations and product developers. The contribution to international activities also supported OCSI in maintaining a leading active role in the new EU security certification framework to be finalized in the updated ENISA Regulation.
Without a specific need for the real certification process underway in the Italian scheme, coordinated by the OCSI (the Italian CB), the project will perform studies and technical analysis on the testing of security functions and on tools to be adopted in the automated vulnerability analysis of devices with widespread software architecture.
OCSI will be actively supported in the international activities through the attendance of European and international meetings in order to plan the technical updates to be adopted by OCSI and aligned with other MRA members’ approaches.
For each technical domain, specific requirements and security technical countermeasures against emerging vulnerabilities will be investigated so that OCSI activities can be harmonized with the activities of the other Common Criteria schemes in other nations.
The project will also provide support for OCSI in the Voluntary Periodic Assessment (VPA) that will take place in the first quarter of 2020, in order to maintain its status as a Certificate Authorizing member of the international and European MRAs. Methodologies to evaluate the skill and expertise of evaluators involved in ITSEF’s activities will be reviewed and updated in order to come into line with the requirements defined in the new EU security certification framework and with the outputs of the ongoing review process of the ISO 15408 standard by ISO. New approaches to issues of assurance continuity, certificate validity and responsible vulnerability disclosure will also be considered.