Under eIDAS, a qualified electronic signature creation device (QSCD) must be certified and approved before it can be used to produce qualified electronic signatures (QES). Cryptomathic’s Signer is the main QSCD that is certified under the SOG-IS agreement using the Common Criteria Recognition Arrangement (CCRA).
Its security target is written in strict conformance with EN 419 241-2: Trustworthy Systems Supporting Server Signing Part 2, Protection Profile for QSCD for Server Signing, CEN April 2019.
The process for becoming SOG-IS certified is very rigorous.
- Perform a stricter interpretation of Common Criteria requirements and keep the environment from enforcing SFRs.
- Have suitable additional requirements for specific technical domains, including those for smartcards and hardware devices such as HSMs.
- Have extensive experience in the composite evaluation approach that was originally created for the technical domain of smartcards.
- Understand the consequences of not addressing the integration between software and the underlying platform when considering potential vulnerabilities.
Understanding the Importance of SOG-IS
To participate in SOG-IS, Participants must commit to recognising applicable certificates that have been authorised by any certificate-authorising Participant. These authorisations confirm that the processes for evaluation and certification have been conducted in a prescribed professional manner according to:
- Accepted IT security evaluation criteria.
- Accepted IT security evaluation methods.
- An Evaluation and Certification Scheme that is managed by a compliant Certification Body in the authorising Participant’s country.
In addition, the objectives of SOG-IS are satisfied by the issuance of authorised conformant certificates. Certificates that meet all of these conditions are termed conformant certificates for the purposes of the SOG-IS agreement.
SOG-IS uses the IT security evaluation criteria that are specified in the Common Criteria for Information Technology Security Evaluation (CC) and the Information Technology Security Evaluation Criteria (ITSEC). The versions adopted by the Management Committee and the methods for evaluation are those specified in the Common Evaluation Methodology for Information Technology Security Evaluation (CEM), the Information Technology Security Evaluation Manual (ITSEM), and supporting documents from JIWG.
At a minimum, for an evaluation and certification like that of Cryptomathic Signer to be considered as having been carried out in a duly professional manner, the Evaluation Facility must either be:
- Accredited by a recognised Accreditation Body in its respective country in accordance with ISO 17025, or through an interpretation approved by all Participants, and approved and authorised under SOG-IS’s Annex B.3; or
- Established under the laws or other official administrative procedures that are valid in the country concerned and meet the specified requirements under Annex B.3.
In addition, the Certification Body must be accepted as compliant and also:
- Either be accredited in its respective country by a recognised Accreditation Body in accordance with EN 45011, or with a national interpretation of EN 45011 that at a minimum satisfies the requirements under SOG-IS’s Annex C; or
- Be established through laws or other administrative procedures that are valid in the country concerned and meet the specifications of EN 45011 or satisfy the requirements of EN 45011 under SOG-IS’s Annex C.
Benefits Achieved Through SOG-IS Compliance
To maintain the goal of consistent, credible, and competent application of SOG-IS criteria and methods, Certification Bodies must accept responsibility for monitoring all active evaluations at an appropriate level. They must also take other steps to ensure that all their IT Security Evaluation Facilities:
- Perform impartial evaluations.
- Correctly and consistently apply the criteria and methods.
- Have and maintain the technical competence required by SOG-IS.
- Can protect the confidentiality of protected information.