ICCC 2012: The international conference dedicated to Common Criteria
October 2012 by ICCC
Major event in the field of evaluating the security of information technologies according to Common Criteria (CC), the ICCC conference gathered last September almost 400 participants in Paris. Focus on the stakes of this event. This year the ICCC conference took place in Paris, under the auspices of l’Agence nationale de la sécurité des systèmes d’information (ANSSI). These three days have been the occasion for the users of Common Criteria method to exchange their experiences. Indeed, this method widely recognized but only known by a small community of experts, plays an important role in the confidence consumers can have in the security of their Information Technologie (IT) environment.
Common Criteria enable to assess and certify the security of products and information technology systems such as payment smartcards and terminals, network applications, smartphone applications… in other words, products dealing with confidential information or monetary exchange requiring a high level of protection. More generally they concern all the parts of an IT system that play a role in the protection of this system, of the data it contains and the security of the services offered.
With a record attendance, 390 delegates and almost 27 countries represented, this conference has enjoyed a great success. One of the highlight of this event was the orientation statement of the CCRA President (Common Criteria Recognition Arrangement). He announced a reorientation of the evaluation recognition between member countries with the ambition to go towards more efficiency. It can also be seen as the renewed commitment of governments to the international recognition of Common Criteria and to its continuity in front of private schemes. It should be noted that this reorientation leans upon the combined efforts of certification authorities, laboratories and manufacturers.
At the end of the conference, it appears that Common Criteria are being increasingly used in different sectors, always with the same goal: reaching an optimal level of security assurance. One of the new challenges will be the deployment of mobile proximity payment (MNFC), requiring deep changes in the roles and responsibilities of electronic payment players. An interesting use case to be followed at the next edition of the ICCC conference which will take place in the USA.