Meeting of the ISO SC27 Working Groups “Security, Cybersecurity and Privacy Protection”

On 01-05 April 2019, a meeting of the SC27 Subcommittee working groups took place in Tel Aviv. The most important project for KSO3C is of course the revision of the ISO/IEC 15408 and ISO/IEC 18045 (Common Criteria) standards. 876 comments were received for all draft standards: 15408 (5 parts), 18045 and 22216 (Transition Guide). During the busy week, all received comments were addressed. However, the standards still need an additional consistency review with respect to new concepts, such as compliance types for PP-Configuration, PP-Base and PP-Module, and new methods, such as Composite Evaluation and Multi-Assurance, so a decision was made to hold another round of comments to improve the quality of the standards. Unfortunately, this means a 6-month delay in the anticipated publication date of the new versions of the standards, so we can expect them at the end of 2020 at the earliest.

Additionally, a decision has been made to open a new study project on the terminology used in security testing and evaluation (in standards and projects carried out under the WG3 working group) – “The concept hierarchy for terminology used in SC27/WG3 projects in particular focused on the ISO/IEC 15408 and ISO/IEC 18045 projects.” This project aims to create a consistent classification of concepts that users can understand, mainly related to the Common Criteria standards. The rapporteurs for this project are Elżbieta Andrukiewicz and Dietmar Bremser.

In the upper row from left: Guillaume Tétu, France; Carolina Lavatelli, France; Heebong Choi, South Korea; Dietmar Bremser, Germany; Kwangwoo Lee, South Korea; Soohyeun Lee, South Korea.

In the lower row from left: Elżbieta Andrukiewicz, Poland; David Martin, United Kingdom; Fiona Pattinson, USA; Christian Noetzel, Germany; Tony Boswell, United Kingdom.