Crypto WG - supporting documents

The SOG-IS Crypto WG is in charge of providing the SOG-IS MC with technical support for the establishment of a SOG-IS Crypto Evaluation Scheme, i.e. a set of requirements and evaluation procedures related to cryptographic aspects of Common Criteria security evaluations of IT products and mutually agreed by SOG-IS participants.


The document "SOG-IS Crypto Working Group - Agreed Cryptographic Mechanisms" is primarily addressed to evaluators and developers. Its purpose is to specify which cryptographic mechanisms are recognised agreed, i.e. ready to be be accepted by all SOG-IS participants. For each of the main types of symmetric and assymmetric cryptographic mechanisms, a table summarising the set of all the mechanisms of that type is provided. A result of an evaluation performed under the SOG-IS Crypto Evaluation Scheme is that a user of the target of evaluation (TOE) can get the assurance that she only uses agreed cryptographic mechanisms. General and specific notes on how to implement/evaluate the various agreed cryptographic mechanisms correctly are also provided, as well as requirements related to key management.

Other aspects of the evaluation of cryptographic mechanisms under the SOG-IS Crypto Evaluation Scheme, e.g. conformance testing, implementation evaluation, checking the overall consistency of the security architecture and key management of the TOE with its security goals, etc. , will be addressed in separate supporting documents.

Title Comment Version Date
SOGIS Agreed Cryptographic Mechanisms Updated version. Comments are to be forwarded to the editors of the document through the members of the JIWG group. This document will be regularly updated. 1.3 February 2023
SOGIS Agreed Cryptographic Mechanisms 1.2 January 2020
SOGIS Agreed Cryptographic Mechanisms Updated version 1.1 June 2018
SOGIS Agreed Cryptographic Mechanisms Initial version 1.0 May 2016


The "SOG-IS Crypto Evaluation Scheme - Harmonised cryptographic Evaluation Procedures " (HEP) document is primarily addressed to evaluators and developers. It can be used by any evaluation scheme as its purpose is to develop a dedicated, harmonized evaluation methodology for the cryptographic mechanisms evaluated as part of a Target of Evaluation. It also constitutes a support to the "Agreed Cryptographic Mechanisms" document as it covers all included mechanisms.

Still in draft form, this document is not yet fully endorsed by SOG-IS.

Titre Commentaire Version Date
SOGIS Harmonised cryptographic Evaluation Procedures This document is currently under development and published here for public review.
Comments can be sent through the members of the JIWG group and via info@dutchncca.nl to the MC chair.
0.16 Dec. 2020


JIWG supporting documents

The JIWG supporting documents listed in the following table support the evaluation of products at the general level. They are continuously monitored and updated by the JIWG. 

The JIWG also maintains supporting documents which are related to specific technical domains. Please refer to the details page for the SOG-IS Technical Domains for an overview.


Guidance: the objective of guidance documents is for developers, ITSEFS and certification body's to improve the evaluation and certification process. Guidance documents may contain background material to aid the understanding of the evaluation approach or any other information and hold no obligations for any of the involved actors.

Mandatory: supporting documents of the type 'Mandatory' contain a consistent set of interpretations that specify the use of the criteria and methodology within a particular field or domain of technology and shall be used where relevant. These documents contain the elements necessary for mutual recognition of certificates for such technologies. The Evaluation Technical Report and the Certification Report shall identify which mandatory supporting documents have been used (incl. version).

Trial use: before a supporting document is approved as mandatory, a trial use phase will take place. The objective of the trial use phase is to gain experience in the application of the requirements of a mandatory supporting document in the context of a product evaluation. The application of the documents for trial use is mandatory for the certification under the SOGIS-MRA for all products within a particular field or domain of technology.

During the trial phase period it is expected that additional support from the CB in charge of the certification will be provided to interpret the trial-use document on case by case basis when problems with its applications arise. The interpretations that have been identified during the trial use phase will be fed back to their editors in order to improve the documents in a next version.


General level CC supporting documents

Title Type Version Date
Collection of developer evidence Guidance 1.5 Jan. 2012
Evaluation methodology for product series Guidance 1.0 April 2017
Minimum site security requirements
This document is a guidance in general but is mandatory for the specifics technical domain
Guidance
3.1
Dec. 2023
Checklist (corresponding to MSSR v3.1)
Guidance
3.1
Dec. 2023
ADV_SPM.1 interpretation for [CC:2022] transition
Guidance
1.0
May 2024
Composite product evaluation and certification for CC:2022
Mandatory
1.6
April 2024

 

Smartcards and similar devices CC supporting documents

Title Type Version Date
Application of Attack Potential to Smartcards Mandatory 3.2.1 Feb. 2024
Application of CC to Integrated Circuits for CC3.1
Mandatory
3.0
Feb. 2009
Application of CC to Integrated Circuits for CC:2022
Mandatory
4.0
April 2024
Composite product evaluation for Smart Cards and similar devices for CC3.1
Mandatory
1.5.1
May 2018
ETR for composite evaluation template
Guidance
1.2
April 2024
Guidance for Smartcard evaluation for CC3.1
Guidance
2.0
Feb. 2010
Guidance for Smartcard evaluation for CC:2022
Guidance
3.0
April 2024
Security Architecture requirements (ADV_ARC) for Smart Cards and similar devices extended to Secure Sub-Systems in SoC
Mandatory
2.1
July 2021
Security Architecture requirements (ADV_ARC) for Smart Cards and similar devices extended to Secure Sub-Systems in SoC - Appendix 1
Guidance
2.1
July 2021
Certification of "open" smart card products
Mandatory
2.0
May 2024
Minimum site security requirements
Mandatory
3.1
Dec. 2023
Checklist (corresponding to MSSR v3.1)
Guidance
3.1
Dec. 2023
Site Technical Audit Report Template
Guidance
1.0
Feb. 2018
Security requirements for post-delivery code loading
Guidance
2.0
Sept. 2024
Minimum ITSEF Requirements for Security Evaluations of Smart cards and similar devices
Mandatory
2.1
Feb.2020
Assurance Continuity - Practical Cases for Smart Cards and similar devices for CC3.1
Guidance
1.0
Nov. 2017
Assurance Continuity - Practical Cases for Smart Cards and similar devices for CC:2022
Guidance
1.1
April 2024
Code Disclosure and Software IP Reuse
Guidance
1.2
Nov. 2017
Biometric Card - Guidelines
Guidance
1.1
Sept. 2023
Secure Sub-System in System-on-Chip (3S in SoC)– Life-cycle model related evaluation aspects
Guidance
1.0
Oct. 2024

 

Hardware devices with security boxes CC supporting documents

Title Type Version Date
Application of Attack Potential to Hardware Devices with Security Boxes
Mandatory
3.1 November 2023
Minimum ITSEF Requirements for Security Evaluations of Hardware Devices with Security Boxes
Mandatory
1.1 Aug. 2020
Minimum site security requirements
Mandatory
3.1
Dec. 2023
Checklist (corresponding to MSSR v3.1)
Guidance
3.1
Dec. 2023
 

ITSEC criteria and supporting documents

Title Type Version Date
Information Technology Security Evaluation Criteria (ITSEC)
-
1.2
Jun 1991
Information technology Security Evaluation Manual (ITSEM)
-
1.0
Sep. 1993
ITSEC Joint Interpretation Library (ITSEC JIL) Mandatory 2.0 Nov. 1998