eIDAS: Will Common Criteria Replace FIPS 140-2? (C23b)
Over the past few years, assessing the compliance of products and services with the eIDAS regulation has been at the center of extensive debate. Product developers, service providers, certification authorities, the European Commission and evaluation labs are all asking themselves the same questions:
– How to translate the eIDAS regulation into an agreed set of requirements?
– Which evaluation standards shall be used for QSCD? FIPS? Common Criteria? Others?
– What are the differences between different security certifications?
– Do all certified components need the same level of assurance?
– Are all security certifications going to be equally recognized?
In a dynamic panel, industry experts involved in product development, standardization and product security certifications will share their eIDAS experiences and viewpoints on the topic.
This includes how eIDAS is shaping and driving high assurance certification requirements for HSMs in the EU through the adoption of various evaluation methodologies (such as FIPS and Common Criteria).
In addition, the panel will present their thoughts on the definition of future standards and address the suitability under eIDAS of the recently published EAL4+ Common Criteria Protection Profiles:
– ‘CEN EN 419221-5, Protection Profiles for TSP Cryptographic Modules – Part 5, Cryptographic Modules for Trust Services’ and
– ‘CEN EN 419241-2, Trustworthy Systems Supporting Server Signing Part 2: Protection Profile for QSCD for Server Signing’.