Qatar Common Criteria Scheme (QCCS)
Common Criteria for IT Evaluation and Certification Scheme, also known as Common Criteria (CC) scheme, is a systematic approach for ICT evaluating and certifying the technologies used to implement the security functionality of ICT products against the ISO/IEC 15408 standards, also known as Common Criteria (CC). It is important to have the scheme to ensure high standards of competence and impartiality are maintained, and that consistency is achieved.
The Qatar Common Criteria Scheme (hereafter referred to "QCCS") provides the certification services that based on the evaluation results and methodology is based on ISO/IEC 18045, also known as Common Evaluation Methodology (CEM) by the approved laboratory, also known as IT security evaluation facility (ITSEF), i.e. the Qatar Technology Vetting LAboratory (QTVL) .
According to the Common Criteria Recognition Arrangement (CCRA) requirement, the CC scheme - QCCS shall be managed under a sole Certification Body (CB). In Qatar, the CB is a unit under the Compliance and Data Protection Department within the Ministry of Transport and Communications (MoTC) - QCERT. The CC scheme owner - QCCS is responsible for carrying out the CC certification and overseeing the day-to-day management and operation of the CC scheme.
The Certification Body (CB) for the QCCS was formed by the MoTC (Ministry of Transport and Communication) under the mandate from the ministry approval itself when it was known as IctQatar. The MoTC was formally known as IctQatar and then changed its name to MoICT. The forming of Certification Body was based on the approval letter of the ministry dated 22nd January 2015, Reference Letter No: MICT/CSD/CIIP/001-2015.
The QCCS has been recognized by CCRA as a Certificate Consuming Member back to 2015. That means, the state of Qatar is promoting, recognization the CC certificates from other CCRA members and encourage of purchase the CC certified product and/or install, especially in critical national ICT infrastructure (CNII) and industry, i.e. oil and gas.
The next step, the QCCS is looking forward to becoming the Certificate Authorizing Member under CCRA recognition, provide the CC certification in 2022.
The QCCS provides the following functions:
- The establish, implement, maintain and continually improve a common criteria certification scheme and management system, in accordance with the requirements of CCRA and ISO/IEC 17065 (as appropriate).
- Maintain the Certificate Authorizing Member status with CCRA, participate the CCMB activities on behalf of the State of Qatar's interest;
- Maintain and provide ICT product certification, fulfill CCRA Certificate Authorizing Members responsibilities and meet National/International Standard requirements;
- Marketing and improvement of the ICT security application and awareness in the State of Qatar;
- Provide ICT security assurance for the information and communication technology (ICT) adopted in the State of Qatar, both public and private sectors;
- Managing the licensing ITSEF under the schemes.
Benefits of QCCS certificates
- Increase Qatar's reputation as a hub of ICT security assurance services in the Gulf region
- Increase Qatar's reputation especially in the provision of ICT security assurance services related to ICT product security evaluation.
- Improve the competitiveness of Qatar ICT certified products in a global ICT market
- The Common Criteria (CC) provides a benchmark for comparing the security features implemented in ICT products. Qatar certified ICT products can leverage the CC benchmark to compete effectively against similar categories of products on the global ICT market.
- Enhance the security of Qatar's information security infrastructure by making available a suite of independent security assured ICT products
- Independently security certified products and Protection Profile (PP) offers increased assurance in their implemented security features over developer asserted security features. Deployment of these products in well-managed information infrastructure will provide greater assurance in the protection of this infrastructure.
The QCCS offers the following certification services to customers:
- CC certification of ICT products and systems (Target of Evaluation, TOE)
- CC certification of Protection Profiles (PPs)
- Certification of site security (applicable for both developer and production site)
- Recognition of CCRA certificates for special purposes
Certification fees structure
- The following fees are the unit prices per application.
- All application fees once paid, shall not be refunded even when the application has been withdrawn.
- An applicant might be charged extra in addition to an application fee, if the application requires any additional cost, such as traveling expenses paid by the Certification Body for the site visit, etc. as necessary.
The Certification fees
|Type of application||
(Currency: USD, TAX excluded)
|EAL6||Quotation upon request|
|EAL7||Quotation upon request|
|Type of application||
(Currency: USD, TAX excluded)
|Issue of English version of Certificate|
|Reissue of Certificate|
|Reissue of English version of Certificate|
|Reissue of Certification Report|
|Reissue of Maintenance Report|
Payment procedure of Application Fee
- When the acceptance procedure of the application was completed as a rule, QCCS will send the bill to the applicant by next month (about the middle of).
- The applicant must transfer the application fee by the due date listed on the invoice (usually by the end of next month of the acceptance of the invoice).
- QCCS will inform you of the payee's bank account when the bill is issued.
- The transfer fee should be borne by the applicant.
List of the accredited laboratory under the scheme
Qatar Technology Vetting Lab (QTVL)
State of Qatar
P.O. Box 23264 Doha
4th Floor., Al Nasr Tower B, Corniche Street
List of scheme documents:
- Certification Application form
List of recognized PPs
- Protection Profile - IoT Secure Communication Module
- Protection Profile - IoT Security Element
List of scheme recognized requirements
- CC Supporting Documents - Guidance - Site Certification, October 2007, Version 1, Revision 1, CCDB-2007-11-001
Sunday ~ Thursday: 08:00 ~ 15:00