Common Criteria Certification of AI Systems (C11c)
In collaboration, BSI, BAUTA and TÜVIT aim to assess the suitability of the Common Criteria certification scheme for evaluating AI-based video analysis systems. The project involves two main steps: first, creating an evaluation methodology aligned with Evaluation Assurance Level 2 (EAL2) for the IT security of AI-based systems for video analysis, and second, testing the developed concept and guidelines on a chosen use case. Thereby, the practical evaluation verifies the methodology and helps to identify potential subjects for adjustment. The evaluation process typically includes the topics of threat analysis, the definition of security objectives and the testing as well as evaluation of Security Functional Requirements (SFRs), all with special attention to ML methods, processes, and characteristics. The formulation of guidelines for developers and evaluators shall benefit the evaluation of such systems. The goal is to establish a foundation for future evaluation activities for AI systems, not only in the field of video analysis