Certification Report: 0362a

Certification Report: 0362a

A Certification

1 Specifications of the Certification Procedure

The certification body conducts the procedure according to the criteria laid down in the following:

• BSIG

2

• BSI Certification Ordinance

3

• BSI Schedule of Costs

4

• Special decrees issued by the Bundesministerium des Innern (Federal

Ministry of the Interior)

• DIN EN 45011 standard

• BSI certification: Procedural Description (BSI 7125)

• Common Criteria for IT Security Evaluation (CC), Version 2.1

5

• Common Methodology for IT Security Evaluation (CEM)

• Part 1, Version 0.6

• Part 2, Version 1.0

• BSI certification: Application Notes and Interpretation of the Scheme (AIS)

• Advice from the Certification Body on methodology for assurance components above EAL4 (AIS 34)

The use of Common Criteria Version 2.1, Common Methodology, part 2,

Version 1.0 and final interpretations as part of AIS 32 results in compliance of the certification results with Common Criteria Version 2.2 and Common

Methodology Part 2, Version 2.2 as endorsed by the Common Criteria recognition arrangement committees.

2

Act setting up the Federal Office for Information Security (BSI-Errichtungsgesetz, BSIG) of

17 December 1990, Bundesgesetzblatt I p. 2834

3

Ordinance on the Procedure for Issuance of a Certificate by the Federal Office for

Information Security (BSI-Zertifizierungsverordnung, BSIZertV) of 7 July 1992,

Bundesgesetzblatt I p. 1230

4

Schedule of Cost for Official Procedures of the Bundesamt für Sicherheit in der

Informationstechnik (BSI-Kostenverordnung, BSI-KostV) of 03 March 2005,

Bundesgesetzblatt I p. 519

5

Proclamation of the Bundesministerium des Innern of 22 September 2000 in the Bundesanzeiger p. 19445

A-1

Certification Report BSI-DSZ-CC-0362-2006

In order to avoid multiple certification of the same product in different countries a mutual recognition of IT security certificates - as far as such certificates are based on ITSEC or CC - under certain conditions was agreed.

2.1 ITSEC/CC - Certificates

The SOGIS-Agreement on the mutual recognition of certificates based on

ITSEC became effective on 3 March 1998. This agreement was signed by the national bodies of Finland, France, Germany, Greece, Italy, The Netherlands,

Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom. This agreement on the mutual recognition of IT security certificates was extended to include certificates based on the CC for all evaluation levels (EAL 1 – EAL 7).

2.2 CC - Certificates

An arrangement (Common Criteria Arrangement) on the mutual recognition of certificates based on the CC evaluation assurance levels up to and including

EAL 4 was signed in May 2000. It includes also the recognition of Protection

Profiles based on the CC. The arrangement was signed by the national bodies of Australia, Canada, Finland, France, Germany, Greece, Italy, The

Netherlands, New Zealand, Norway, Spain, United Kingdom and the United

States. Israel joined the arrangement in November 2000, Sweden in February

2002, Austria in November 2002, Hungary and Turkey in September 2003,

Japan in November 2003, the Czech Republic in September 2004, the Republic of Singapore in March 2005, India in April 2005.

This evaluation contains the components ADV_IMP.2 (Implementation of the

TSF) and ALC_DVS.2 (Sufficiency of security measures) that are not mutually recognised in accordance with the provisions of the CCRA. For mutual recognition the EAL4-components of these assurance families are relevant.

3 Performance of Evaluation and Certification

The certification body monitors each individual evaluation to ensure a uniform procedure, a uniform interpretation of the criteria and uniform ratings.

The products TCOS Passport Version 1.0 Release 2 / P5CD072V0Q and TCOS

Passport Version 1.0 Release 2 / SLE66CLX641P/m1522-a12 have undergone the certification procedure at BSI.

The evaluation of the products TCOS Passport Version 1.0 Release 2 /

P5CD072V0Q and TCOS Passport Version 1.0 Release 2 /

SLE66CLX641P/m1522-a12 was conducted by TÜV Informationstechnik

GmbH, Evaluation Body for IT-Security. The TÜV Informationstechnik GmbH,

A-2

Evaluation Body for IT-Security is an evaluation facility (ITSEF)

BSI.

6

recognised by

The sponsor, vendor and distributor is:

T-Systems Enterprise Services GmbH

SSC Testfactory & Security

Untere Industriestr. 20

57250 Netphen

The certification is concluded with

• the comparability check and

• the production of this Certification Report.

This work was completed by the BSI on 31. March 2006.

The confirmed assurance package is only valid on the condition that

• all stipulations regarding generation, configuration and operation, as given in the following report, are observed,

• the product is operated in the environment described, where specified in the following report.

This Certification Report only applies to the version of the product indicated here. The validity can be extended to new versions and releases of the product, provided the sponsor applies for re-certification of the modified product, in accordance with the procedural requirements, and the evaluation does not reveal any security deficiencies.

For the meaning of the assurance levels and the confirmed strength of functions, please refer to the excerpts from the criteria at the end of the

Certification Report.

6

Information Technology Security Evaluation Facility

A-3

Certification Report BSI-DSZ-CC-0362-2006

4 Publication

The following Certification Results contain pages B-1 to B-22 and D1 to D-4.

The products TCOS Passport Version 1.0 Release 2 / P5CD072V0Q and TCOS

Passport Version 1.0 Release 2 / SLE66CLX641P/m1522-a12 have been included in the BSI list of the certified products, which is published regularly

(see also Internet: http:// www.bsi.bund.de). Further information can be obtained from BSI-Infoline +49 228 9582-111.

Further copies of this Certification Report can be requested from the developer and sponsor

7

of the product. The Certification Report can also be downloaded from the above-mentioned website.

7

T-Systems Enterprise Services GmbH

SSC Testfactory & Security

Untere Industriestr. 20

57250 Netphen

A-4

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project