Completeness in High Assurance Common Criteria Evaluation for eIDAS in Europe (R22b)
Security of electronic identification (eID) and trust services of electronic transactions is defined in the EU eIDAS regulation on the highest attack level. Common Criteria (CC) is used to show compliance. For high attack levels the CC requires a methodological approach to ensure that all potential vulnerabilities are covered. How can this completeness be achieved? A story of Protection Profiles, Schemes, TOE types, newly published attack and sophisticated attackers.