Let’s Harmonize Labs Competence: ISO 19896 (B22a)
Harmonizing the competence of different labs and evaluators has always been a topic of discussion in the cybersecurity certification community.
At the ISO level, a new standard has been approved to support this goal: ISO 19896.
ISO/IEC 19896 organizes the requirements for information security testers and evaluators, including a set of concepts and relationships for understanding the competency of individuals performing Common Criteria evaluations.
The requirements of this new ISO standard make it possible to verify that laboratories and personnel have sufficient capacity to handle a Common Criteria evaluation. However, there are some controversial points regarding this ISO standard and how to apply it in Common Criteria, which will be explained during the talk.
The talk will also address how EUCC, the first European cybersecurity scheme for ICT products, will cover the requirements of this ISO standard and other related standards.