The Dutch Authority for Digital Infrastructure (RDI) in their role as National Cybersecurity Certification Authority (NCCA) has authorised their first IT Security Evaluation Facility (ITSEF) under the European Cybersecurity Act (CSA).
Image: © LGAI TECHNOLOGICAL CENTER, SA
Applus+ Laboratories is the first ITSEF licensed in the Netherlands to perform evaluation activities under the EU Cybersecurity Certification Scheme on Common Criteria (EUCC) on the highest assurance level.
The licensed Applus+ sites in Spain are authorised to conduct security evaluations of IT products as an independent test laboratory. The Dutch NCCA has determined that Applus+ meets the specified requirements and is therefore competent to perform product evaluations and has taken sufficient measures to protect customer information, product design and test results.
Applus+ applied for authorisation in the Netherlands because it wants to cooperate with a Dutch Certification Body (CB) in the future. If it wants to cooperate with a Dutch CB, it must also be authorised in the Netherlands.
An ITSEF carries out independent security evaluations of IT products and systems according to the requirements of the EUCC certification scheme. The ITSEF tests whether a product meets established security standards and reports on this to a CB. Based on this report, a CB can then decide to issue a certificate for the tested product. The NCCA also expects to authorise other ITSEFs and a first CB in the near future.
The EUCC is the European certification scheme for IT products based on the international Common Criteria standard (ISO/IEC 15408). The EUCC provides a harmonised framework within the EU for assessing and certifying the security properties of IT products. An EUCC certificate is recognised throughout the EU, eliminating the need for certification per individual member state.