François Duthilleul’s Post

Last week, I had the pleasure of attending and presenting at the International Common Criteria Conference in Doha, Qatar. It was a milestone event, marking the first time the conference has been held in the Middle East, hosted by #Qatar’s The National Cyber Security Agency. Notably, Qatar is already a member of the Common Criteria Recognition Arrangement (#CCRA), and #Jordan has now joined as well—a remarkable step forward for the region!   Congratulations to Centre for Cybersecurity Belgium, which has also joined the CCRA.   The conference was rich with insightful discussions on a range of significant topics, including updates on certification schemes, #EUCC implementation, the Cyber Resilience Act (#CRA), advances in vulnerability handling, accreditation of Conformity Assessment Bodies (CABs), and the application of Common Criteria (CC) in new domains like automotive security with #ISO21434, #cloud security based on #NIAP cPPs, #5G, and #eIDAS / #QSCD. Regarding mutual recognition, #CCRA and European Union Agency for Cybersecurity (ENISA) are actively collaborating to establish mutual recognition of EUCC certificates, with the goal of achieving global interoperability.   In my presentation, I focused on optimizing #eUICC certification through EUCC, leveraging the Cryptographic Service Provider (#CSP) for streamlined composite certification. I also highlighted the importance of harmonizing EUCC with #GSMA’s #eSA scheme and using GSMA’s eUICC specifications as supporting evidence in EUCC evaluations.   While the conference showcased significant progress, many challenges remain to be tackled in the coming years. I look forward to contributing to these developments and collaborating with industry experts on these important topics!   #CommonCriteria #Cybersecurity #Certification #CCRA #EUCC #eUICC #ENISA #CyberResilienceAct #VulnerabilityManagement #ICCC2024 #GSMA