  |
Supporting documents |
Crypto WG – supporting documents
The SOG-IS Crypto WG is in charge of providing the SOG-IS MC with technical support for the establishment of a SOG-IS Crypto Evaluation Scheme, i.e. a set of requirements and evaluation procedures related to cryptographic aspects of Common Criteria security evaluations of IT products and mutually agreed by SOG-IS participants.
The document « SOG-IS Crypto Evaluation Scheme – Agreed Cryptographic Mechanisms » is primarily addressed to evaluators and developers. Its purpose is to specify which cryptographic mechanisms are recognised agreed, i.e. ready to be be accepted by all SOG-IS participants. For each of the main types of symmetric and assymmetric cryptographic mechanisms, a table summarising the set of all the agreed mechanisms of that type is provided. A result of an evaluation performed under the SOG-IS Crypto Evaluation Scheme is that a user of the target of evaluation (TOE) can get the assurance that she only uses agreed cryptographic mechanisms. General and specific notes on how to implement/evaluate the various agreed cryptographic mechanisms correctly are also provided, as well as requirements related to key management.
Other aspects of the evaluation of cryptographic mechanisms under the SOG-IS Crypto Evaluation Scheme, e.g. conformance testing, implementation evaluation, checking the overall consistency of the security architecture and key management of the TOE with its security goals, etc. , will be addressed in separate supporting documents.
| Title | Comment | Version | Date |
| SOGIS Agreed Cryptographic Mechanisms | Comments are to be forwarded to the editors of the document through the members of the JIWG group. This document will be regularly updated. | 1.0 | Feb. 2016 |
JIWG supporting documents
The JIWG supporting documents listed in the following table support the evaluation of products at the general level. They are continuously monitored and updated by the JIWG.
The JIWG also maintains supporting documents which are related to specific technical domains. Please refer to the details page for the SOG-IS Technical Domains for an overview.
Note on trial use documents: Objective of the trial use phase is to gain experience in the application of the requirements of supporting documents in the context of product evaluation.
The application of the documents for trial use is mandatory for the certification under the SOGIS-MRA for all products.
During the trial phase period it is expected that additional support from the CB in charge of the certification will be provided to interpret the trial-use document on case by case basis when problems with its applications arise. The interpretations that would have been identified during the trial use phase will be fed back to their editors in order to improve the documents in a next version.
General level CC supporting documents
| Title | Type | Version | Date |
| Collection of developer evidence | Guidance | 1.5 | Jan. 2012 |
Fingerprint Scan Door Lock
| Title | Type | Version | Date |
| Application of Attack Potential to Smartcards | Mandatory | 2.9 | Jan. 2013 |
| Application of CC to Integrated Circuits |
Mandatory |
3.0 |
Feb. 2009 |
| Composite product evaluation for Smart Cards and similar devices |
Mandatory |
1.4 |
Aug. 2015 |
| ETR for composite evaluation template |
Guidance |
1.1 |
Aug. 2015 |
| Guidance for Smartcard evaluation |
Guidance |
2.0 |
Feb. 2010 |
| Security Architecture requirements (ADV_ARC) for Smart Cards and similar devices |
Mandatory |
2.0 |
Jan. 2012 |
| Security Architecture requirements (ADV_ARC) for Smart Cards and similar devices - Appendix 1 |
Guidance |
2.0 |
Jan. 2012 |
| Certification of "open" smart card products |
For trial use |
1.1 |
Feb. 2013 |
| Requirements to perform Integrated Circuit Evaluations |
Mandatory |
1.1 |
Feb. 2013 |
| Minimum site security requirements |
For trial use |
1.1 |
July 2013 |
| Security requirements for post-delivery code loading |
Guidance |
1.0 |
Feb. 2016 |
Hardware devices with security boxes CC supporting documents
| Title | Type | Version | Date |
| Application of Attack Potential to Hardware Devices with Security Boxes |
For trial use |
2.0 | Dec 2015 |
Point of Interaction (POIs)
| Title | Type | Version | Date |
| Application of Attack Potential to POIs |
For trial use |
1.0 | Jun. 2011 |
| CEM Refinements for POI Evaluation |
For trial use | 1.0 |
Jun. 2011 |
Digital Tachograph
| Title | Type | Version | Date |
| Security Evaluation and Certification of Digital Tachographs |
Mandatory |
1.12 | Jan. 2003 |
ITSEC criteria and supporting documents
| Title | Type | Version | Date |
| Information Technology Security Evaluation Criteria (ITSEC) |
- |
1.2 |
Jun 1991 |
| Information technology Security Evaluation Manual (ITSEM) |
- |
1.0 |
Sep. 1993 |
| ITSEC Joint Interpretation Library (ITSEC JIL) | Mandatory | 2.0 | Nov. 1998 |