atsec information security AB is pleased to announce that it is now licensed as an IT Security Evaluation Facility (ITSEF) by CSEC, the Swedish national Common Criteria scheme. The license was awarded on December 6, 2007, the CSEC scheme’s first date to issue licenses. Licensing closely followed completion of atsec AB’s ISO/IEC 17025 certification by SWEDAC on November 28, 2007. atsec AB’s early acceptance as an ITSEF by CSEC reflects the company’s well-established leadership in the IT security evaluation community in Sweden, including atsec’s role in helping to build the CSEC scheme, itself. Worldwide, atsec is now accredited to perform CC evaluations under three national schemes: BSI in Germany, NIAP CCEVS in the U.S., and now CSEC in Sweden.
CSEC is an emerging Common Criteria scheme, currently awaiting final recognition under the CCRA (the Arrangement on the Recognition of Common Criteria Certificates in the field of Information Technology Security). This arrangement defines the terms under which Common Criteria evaluation results certified by one scheme within the arrangement are accepted by all other bodies within the arrangement. International acceptance under the CCRA is the mechanism that conveys the full power of Common Criteria certification for the maximum benefit of companies choosing to certify their IT products under a member scheme.
Because of atsec’s long and successful experience as an accredited CC evaluation facility under both the German and U.S. Schemes, atsec AB was uniquely qualified to help build the CSEC effort to achieve full recognition as a CC scheme. atsec wrote the first draft of the CSEC scheme publications and to date, has provided CC training for all participants in the scheme, including the CSEC certifiers and the prospective evaluators from all ITSEFs seeking accreditation. In addition, atsec was called upon to create the crucial Security Target documents defining the targets of evaluation for the first two CC evaluations under the CSEC scheme. These inaugural evaluations served as the scheme’s proficiency demonstration for accreditation, and the choice of atsec to play this critical role reflects CSEC’s continuing confidence in atsec’s competence.
atsec’s leadership in the IT security evaluation community in Sweden preceded its current efforts in helping to establish the Swedish scheme by many years. atsec GmbH (atsec in Germany) performed the first CC evaluation of a Swedish product, Tutus Data Färisten firewall (developed by Tutus Data AB, sponsored by FMV) in October 2002, and later completed an additional evaluation for Tutus Data AB at the highest mutually recognized evaluation assurance level (EAL4+).
Staffan Persson, Managing Director of atsec information security AB, notes: “I am, of course, very proud that atsec AB has earned a license to perform Common Criteria evaluations under CSEC, but I am equally proud that atsec AB was called to provide leadership in building the Swedish national scheme. This is wonderful recognition of atsec’s competence and integrity in the security world.
“I want to congratulate CSEC on making significant progress towards international recognition as a full certificate-producing participant in the CCRA. The importance of international understandings and arrangements to govern the evaluation and certification activities of a diverse set of national bodies cannot be emphasized enough. International recognition of evaluation results is essential if customers are to reap the full benefit of their security certification investment.
”We very much look forward to full international recognition for the Swedish national scheme as the completion of the rigorous accreditation process in which atsec is pleased to have played a significant role.”
About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in January 2000 and has extensive international operations with offices in the US, Sweden, the UK, and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, Ericsson, RWE, and Wincor-Nixdorf.