Nov 04, 2019 626times

Qatar Common Criteria Scheme (QCCS)

 

Scheme overview

Common Criteria for IT Evaluation and Certification Scheme, also known as Common Criteria (CC) scheme, is a systematic approach for ICT evaluating and certifying the technologies used to implement the security functionality of ICT products against the ISO/IEC 15408 standards, also known as Common Criteria (CC). It is important to have the scheme to ensure high standards of competence and impartiality are maintained, and that consistency is achieved.


The Qatar Common Criteria Scheme (hereafter referred to "QCCS") provides the certification services that based on the evaluation results and methodology is based on ISO/IEC 18045, also known as Common Evaluation Methodology (CEM) by the approved laboratory, also known as IT security evaluation facility (ITSEF), i.e. the Qatar Technology Vetting LAboratory (QTVL) .


According to the Common Criteria Recognition Arrangement (CCRA) requirement, the CC scheme - QCCS shall be managed under a sole Certification Body (CB). In Qatar, the CB is a unit under the Compliance and Data Protection Department within the Ministry of Transport and Communications (MoTC) - QCERT. The CC scheme owner - QCCS is responsible for carrying out the CC certification and overseeing the day-to-day management and operation of the CC scheme. 

The Certification Body (CB) for the QCCS was formed by the MoTC (Ministry of Transport and Communication) under the mandate from the ministry approval itself when it was known as IctQatar. The MoTC was formally known as IctQatar and then changed its name to MoICT. The forming of Certification Body was based on the approval letter of the ministry dated 22nd January 2015, Reference Letter No: MICT/CSD/CIIP/001-2015. 

About QCCS

The QCCS has been recognized by CCRA as a Certificate Consuming Member back to 2015. That means, the state of Qatar is promoting, recognization the CC certificates from other CCRA members and encourage of purchase the CC certified product and/or install, especially in critical national ICT infrastructure (CNII) and industry, i.e. oil and gas. 

The next step, the QCCS is looking forward to becoming the Certificate Authorizing Member under CCRA recognition, provide the CC certification in 2022. 

The QCCS provides the following functions: 

  • The establish, implement, maintain and continually improve a common criteria certification scheme and management system, in accordance with the requirements of CCRA and ISO/IEC 17065 (as appropriate).
  • Maintain the Certificate Authorizing Member status with CCRA, participate the CCMB activities on behalf of the State of Qatar's interest;
  • Maintain and provide ICT product certification, fulfill CCRA Certificate Authorizing Members responsibilities and meet National/International Standard requirements;
  • Marketing and improvement of the ICT security application and awareness in the State of Qatar;
  • Provide ICT security assurance for the information and communication technology (ICT) adopted in the State of Qatar, both public and private sectors;
  • Managing the licensing ITSEF under the schemes.

Benefits of QCCS certificates

  • Increase Qatar's reputation as a hub of ICT security assurance services in the Gulf region
  • Increase Qatar's reputation especially in the provision of ICT security assurance services related to ICT product security evaluation.
  • Improve the competitiveness of Qatar ICT certified products in a global ICT market
  • The Common Criteria (CC) provides a benchmark for comparing the security features implemented in ICT products. Qatar certified ICT products can leverage the CC benchmark to compete effectively against similar categories of products on the global ICT market.
  • Enhance the security of Qatar's information security infrastructure by making available a suite of independent security assured ICT products
  • Independently security certified products and Protection Profile (PP) offers increased assurance in their implemented security features over developer asserted security features. Deployment of these products in well-managed information infrastructure will provide greater assurance in the protection of this infrastructure.

QCCS Services

The QCCS offers the following certification services to customers:

  • CC certification of ICT products and systems (Target of Evaluation, TOE)
  • CC certification of Protection Profiles (PPs)
  • Certification of site security (applicable for both developer and production site) 
  • Recognition of CCRA certificates for special purposes

Certification fees structure 

  • The following fees are the unit prices per application.
  • All application fees once paid, shall not be refunded even when the application has been withdrawn.
  • An applicant might be charged extra in addition to an application fee, if the application requires any additional cost, such as traveling expenses paid by the Certification Body for the site visit, etc. as necessary.

The Certification fees

Type of application

Fees

(Currency: USD, TAX excluded)

Certification PP  4,000
EAL1  5,000
EAL2  6,500
EAL3  8,000
EAL4  10,000
EAL5 12,000
EAL6 Quotation upon request
EAL7 Quotation upon request

 

Other fees 

Type of application

Fees

(Currency: USD, TAX excluded)

Assurance Continuity  
Issue of English version of Certificate  
Reissue of Certificate  
Reissue of English version of Certificate  
Reissue of Certification Report  
Reissue of Maintenance Report  

 

Payment procedure of Application Fee

  1. When the acceptance procedure of the application was completed as a rule, QCCS will send the bill to the applicant by next month (about the middle of).
  2. The applicant must transfer the application fee by the due date listed on the invoice (usually by the end of next month of the acceptance of the invoice).
  3. QCCS will inform you of the payee's bank account when the bill is issued.
  4. The transfer fee should be borne by the applicant.

 

Contact information

email: This email address is being protected from spambots. You need JavaScript enabled to view it. 

 

List of the accredited laboratory under the scheme

Name 

Address 

Contact

Qatar Technology Vetting Lab (QTVL) 

State of Qatar

P.O. Box 23264 Doha

4th Floor., Al Nasr Tower B, Corniche Street

email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Web: https://qtvl.motc.gov.qa 

 

 

 

 

List of scheme documents:

  1. Certification Application form

 

List of recognized PPs

  1. Protection Profile - IoT Secure Communication Module 
  2. Protection Profile - IoT Security Element 

 

List of scheme recognized requirements

  1. CC Supporting Documents - Guidance - Site Certification, October 2007, Version 1, Revision 1, CCDB-2007-11-001

 

 

 

 

 

 

 

 

 

  

 

Additional Info

Venue (地點): Start of Qatar
Time (時間): Office hour:
Sunday ~ Thursday: 08:00 ~ 15:00

Related items

Internet of Things (IoT) Secure Communication Module - Developer Training Course
Internet of Things (IoT) Secure Communication Module - Developer Training Course

IoT secure communication module Protection Profile (PP) developed is evaluating and certifying by Germany National Cybersecurity authority (BSI)* according to ISO/IEC 15408, it will be the 1st International recognized security specification/requirements for your IoT product. 

*Note The PP evaluation and certification process expected to be completed by Q3 2019.

Nov 04, 2019
Feasibility Study Workshop for IT Security Evaluation (CC, ISO/IEC 15408) and Certification
Feasibility Study Workshop for IT Security Evaluation (CC, ISO/IEC 15408) and Certification

The Common Criteria for IT Security Evaluation (CC, ISO/IEC 15408) is one of the most popular and market (include Asia, EU, Middle-East and US market) recognized IT Security Assurance Certificates for your ICT product.

Nov 04, 2019
IT Security (CC, ISO/IEC 15408) and Evaluation Assurance Level (EAL)
IT Security (CC, ISO/IEC 15408) and Evaluation Assurance Level (EAL)

Common Criteria for IT Security Evaluation (CC, ISO/IEC 15408) are International recognized IT and Product security evaluation and certification (EAL, evaluation assurance level) scheme.

Nov 04, 2019
Go to top
JSN Educare is designed by JoomlaShine.com | powered by JSN Sun Framework