National schema for the security and privacy evaluation and certification of IT products and systems compliant with Common Criteria (KSO3C)

KSO3C project is a joint initiative of three research organizations: The National Institute of Telecommunications (IŁ-PIB), Research and Academic Computer Network (NASK) and the Institute of Innovative Technologies EMAG (ITI EMAG), operating under supervision of the Polish Minister of Digital Affairs. This project is Poland’s response to the European Commission’s initiative for developing the European Certification Framework for ICT digital products, services and processes.

Its aim is design and implementation of innovative methods and techniques for assessing, at high assurance level, security and privacy vulnerabilities created with advanced attack techniques. These could be either non-invasive (e.g. side-channel attacks or reverse engineering) or invasive (e.g. perturbative adversarial attacks).

The outcome of the Project will be a fully operational organizational scheme, capable of issuing globally accepted certificates.

The scheme will be an open structure into which new laboratories assessing compliance according to Common Criteria may be accepted. The acceptance criteria for such evaluation laboratory (ITSEF) are defined by a certification authority in accordance with EU rules on conformity assessment of products, services and processes and are based on principles of impartiality and transparency.