The Certification Body licenses evaluation facilities (ITSEFs) to perform security evaluations under the NSCIB. Only an ITSEF licensed by the CB may perform evaluations that can lead to a certificate under the NSCIB. Within the NSCIB there is provision for several ITSEFs.
For the licensing of an ITSEF, the Certification Body requires the fulfilment of the following:
- The ITSEF shall have a demonstrable functioning quality system, meaning an ISO-17025 accreditation with relevant scope;
- The ITSEF shall employ staff having demonstrable general technical skills, IT skills, and Common Criteria knowledge;
- The ITSEF shall be demonstrably able to handle the Common Criteria and the Common Evaluation methodology;
- The ITSEF shall demonstrate that the organisation, the staff, and the processes are sufficiently secure.
- The verification of the compliance of these requirements shall be performed in conformance with part 3 of the NSCIB Scheme documentation.
List of licensed ITSEFs