Canadian Common Criteria Evaluation and Certification Scheme - CCS Instruction #2

Subject

Eligibility of Product Evaluations under the CCS

Purpose

This CCS Instruction establishes the criteria that must be met in order for a CC evaluation to be eligible for certification under the CCS.

Background

The Communications Security Establishment Canada (CSEC) is responsible for ensuring that the CCS provides maximum IT security value to Government of Canada departments and agencies. Accordingly, CSEC has tailored the CCS eligibility requirements to focus on those IT products that have the greatest potential impact on the security posture of the Government of Canada.

Instruction

Unless otherwise stated by CSEC, the CCS will only accept those IT products into the CC certification process that claim conformance to a Canadian-approved Protection Profile, with an EAL no higher than that specified in the Protection Profile.

Determining Eligibility

When a CC evaluation facility submits an IT product for registration under the CCS certification program, the CCS certification body will verify that the draft Security Target includes the required conformance claim as a pre-requisite for registration.

Canadian-approved Protection Profiles

At the present time, the list of Canadian-approved Protection Profiles is identical to the U.S. approved Protection Profiles, located at http://www.niap-ccevs.org/pp. In the near future, CSEC will be maintaining the Canadian-approved Protection Profile list on the CCS website.

Effective Date

This Instruction takes effect on 16 March 2011.