Building Trust: Developing a Private Cybersecurity Certification Scheme for Cryptographic Modules under ISO/IEC 19790 (S13c)
As the demand for secure cryptographic modules continues to grow, the need for a reliable and robust certification framework becomes paramount. This talk focuses on the development of a private/voluntary cybersecurity certification scheme specifically designed for the certification of cryptographic modules in compliance with ISO/IEC 19790. Additionally, it covers the design and implementation of this scheme in accordance with the principles outlined in ISO/IEC 17067, which provides the general guidelines for product certification schemes. The talk walks through the essential steps of creating a certification scheme tailored to the unique requirements of cryptographic modules, from establishing clear evaluation and certification processes to defining criteria for compliance. It highlights the importance of structuring the scheme to ensure transparency, consistency, and impartiality in conformity assessment. The talk also delves into the process of accrediting a conformity assessment body (CAB) to assess and certify cryptographic modules against the developed scheme. Key requirements for accrediting the CAB are discussed to ensure reliability and competence in conducting assessments. By the end, participants gain a comprehensive understanding of how to develop a private certification scheme for cryptographic modules, combining technical and operational aspects of compliance with ISO/IEC 19790 and ensuring the proper accreditation of conformity assessment bodies to guarantee the credibility of the certification process.
