KSO3C
The project is funded by the National Centre for Research and Development under the Cybersecurity and Digital Identity Program – CyberSecIdent.
Title: National Scheme for the Evaluation and Certification of Security and Privacy of IT Products and Systems in Compliance with Common Criteria (KSO3C)
The KSO3C project is a joint initiative of three scientific and research institutions operating under the supervision of the Minister of Digital Affairs: the National Institute of Telecommunications – Institute of Innovative Technologies. Instytut Łączności – Państwowy Instytut Badawczy (Consortium Leader), Naukowa i Akademicka Sieć Komputerowa – Państwowy Instytut Badawczy oraz Sieć Badawcza Łukasiewicz – Instytut Technik Innowacyjnych EMAG.
Agreement No. CYBERSECIDENT/381282/II/NCBR/2018
Project Manager from the Instytut Łączności – Dr. Eng. Elżbieta Andrukiewicz
From the Naukowa i Akademicka Sieć Komputerowa – Paweł Kostkiewicz
From the Łukasiewicz – EMAG – M.Eng. Dariusz Rogowski
PROJECT GOAL:
The purpose of the project is to develop and implement a scheme in Poland for the evaluation and certification of IT product security and privacy in compliance with a widely recognized standard for IT security assessment: PN-ISO/IEC 15408 Information Technology – Security Techniques – Evaluation Criteria for IT Security, commonly known as “Common Criteria.” This standard outlines a series of requirements for designing and assessing the security of IT products. These security measures are characterized by a justified level of confidence in the effectiveness and efficiency of protections, confirmed through independent evaluations performed by licensed testing laboratories.
As a result of the project, two security assessment laboratories will be established in Poland, located at Instytut Łączności – PIB and Łukasiewicz – EMAG. These laboratories will be overseen by a certification body at NASK– PIB, which will issue certificates for IT products that successfully pass the assessment process.
Compliance certificates with Common Criteria for evaluated IT products, issued within the Polish scheme, will be recognized by the most economically advanced countries of the European Union and worldwide. The Polish system for assessing and certifying the security of IT products and services aligns with the European Commission’s initiatives aimed at creating a European cybersecurity certification framework.
PLANNED OUTCOMES:
The main deliverables of the project include:
Organizationally, procedurally, and technically prepared for operational activities, two conformity assessment laboratories at Instytut Łączności – PIB and Łukasiewicz – EMAG will be established and accredited in compliance with the PN-EN ISO 17025 standard.
An organizationally and procedurally prepared certification body at NASK-PIB (Research and Academic Computer Network – National Research Institute), which will obtain accreditation in compliance with the PN-EN ISO 17065 standard.
Common Criteria compliance certificates for at least two IT products evaluated in the assessment laboratories.
An operationally ready evaluation and certification scheme capable of issuing Common Criteria certificates at EAL 1-4 levels.
Project value: PLN 24,322,325.28, including funding of PLN 24,164,009.28
