Poland joined SOG-IS.
Poland has joined the group of countries that are signatories of the Senior Official Group Information Security Systems (SOG-IS). Therefore, in the future Poland will be able to self-assess and certify IT products in compliance with the international standard ISO/IEC 15408, adopted by the Polish legal system.
This standard allows formal verification of information systems security. This will increase the level of cyber security and raise the competitiveness of Polish companies on the global market.
The agreement regulates the cooperation of the European Union and EFTA countries working on the coordination of certification policies for ICT products.
The agreement was concluded in 1997 in response to the EU Council Decision of 31 March 1992 on the security of information systems and following the Council Recommendation of 7 April 1995 on Common Criteria for Information Technology Security Evaluation.
The Common Criteria Recognition Arrangement (CCRA) is an agreement on the mutual recognition of evaluation results and certification of secure IT products. CCRA has 26 members, divided into two groups depending on the scope of the standard application.
Certificate Authorizing Members have developed and applied their own evaluation schemes, are authorized to carry out evaluation processes and to issue certificates. There are 17 countries in this group: Australia, Canada, France, Germany, Italy, Japan, Malaysia, Netherlands, New Zealand, Norway, South Korea, Spain, Sweden, Turkey, United Kingdom, United States of America and India.
Certificate Consuming Members are countries which recognize certificates issued by other CCRA members, yet have not adopted their own evaluation schemes so far and are not able to carry out evaluation processes or certify products at the moment. These are the following 9 countries: Austria, Czech Republic, Denmark, Finland, Greece, Hungary, Israel, Pakistan, and Singapore.
More information available at: www.commoncriteriaportal.org/ccra/.
At present there are two Polish products certified according to the Common Criteria standard. Polish Security Printing Works (PWPW) is a developer of both products:
- SmartApp SIGN 2.2 – a secure signature creation device (SSCD) – the certificate was issued in 2012 according to EAL4+ (Evaluation Assurance Level) (http://www.commoncriteriaportal.org/files/epfiles/0694a_pdf.pdf)
- SmartApp-ID 3.1 (IFX) – the product is intended for biometric passports and electronic residence cards for foreigners. It may also be used in other types of identity documents – the certificate was issued in 2014 according to EAL4+ (Evaluation Assurance Level) (http://www.commoncriteriaportal.org/files/epfiles/0898a_pdf.pdf)
The evaluation of this product was carried out in a German laboratory and the certificate was issued by Bundesamt für Sicherheit in der Informationstechnik (BSI).
In addition, PWPW is the only company in Poland to have received a Common Criteria certificate for the development site of the SmartApp product family. The certificate assures the security of the development and testing rooms and the manufacturing procedures for SmartApp applets. The development site evaluation was conducted by TÜV Informationstechnik GmbH and recognised by the certification body of BSI:
- PWPW SmartApp Development Site – the evaluation was completed in June 2016 and the certificate is valid until 16 August 2018. (https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/Standortzertifizierung/S_0060.html;jsessionid=DC9B9DCD5E1F76EED8D144F865409151.2_cid360)