Accredited Laboratories.
The Certification Body acredits laboratories to perform the security evaluation of the products or systems subject to certification.
The accreditation of a laboratory requires, as an initial condition, the technical accreditation of the laboratory, in compliance with the UNE-EN 17025 standard by a recognised accreditation entity, such as ENAC.
The Certification Body requires for the accreditation of a security evaluation laboratory the fulfilment of the following:
- Capability to evaluate the security of information technology, proved by its technical accreditation, whose cope must include the Certification Body approved evaluation standards, criteria and methodology.
-
Compliance with the security management requirements
established in Third
Title of the
IT Security Evaluation and Certification Regulations . - Performance of the security evaluations in strict accordance with procedures that follows the information and coordination with the Certification Body requirements laid out in this Third Title.
The verification of the compliance of these requirements shall be performed with the audit and follow-up procedure established in the Fourth Title. In any case, the scope of the accreditation is limited by the technical accreditation and the level of security of the laboratory.
Unless the laboratory can show a clear organisational separation, including resources and procedures, that need to be approved by the Certification Body, the requirements for the secure management of evaluation information required for the acreditation shall apply to every activity of the laboratory, even for those evaluations or work performed whose final aim is not the issuing of a certificate by the Certification Body.
List of Accredited Laboratories.
- RESOLUTION 1A0/38264/2010, dated 19th of November.
- Security level: CLASIFICADO
-
Evaluation standards and levels:
- Information Technology Security Evaluation Criteria, Office for Official Publications of the European Communities, E4;
- Common Criteria/Common Evaluation Methodology, v3.1, nivel EAL4 + (AVA_VAN.5, ALC_FLR.2).
- Point of Contact
- RESOLUTION 1A0/38236/2009, dated 31st of August.
- Security Level: NO CLASIFICADO
-
Evaluation standards and levels:
- Common Criteria/Common Evaluation Methodology, v3.1, EAL4 + (AVA_VAN.5, ALC_DVS.2 y ALC_FLR.2).
- Point of Contact
- RESOLUTION 1A0/38113/2009, dated 4th of May.
- RESOLUTION 1A0/38041/2011, dated 7th of March.
- Security Level: CLASIFICADO
-
Evaluation standards and levels:
- Common Criteria/Common Evaluation Methodology, v3.1, EAL4 + (AVA_VAN.5, ALC_FLR.2, ALC_DVS.2).
- ISO/IEC 19790:2008 & ISO/IEC 24759:2008, level SL3.
- Point of Contact
SOGIS MRA v3 - IT Domain: Smartcards and Similar devices.
On March 2010 the Spanish National Scheme signed the new SOGIS MRA version 3.0 in Europe.
The Spanish National Scheme is a qualified issuer of SOGIS MRA v3 certificates according to Common Criteria v3.1 EAL1-EAL4 and ITSEC E1-E3.
MRA v3 defines IT domains for specific technical fields, being the "Smartcards and Similar devices" the first domain of this type.
The current list of authorised ITSEFs for this SOGIS domain is presented below.
-
Evaluation standards and levels:
- Common Criteria/Common Evaluation Methodology, v3.1, EAL4 + (AVA_VAN.5, ALC_DVS.2 y ALC_FLR.2).