What is the MyCC Scheme?
Malaysian Common Criteria Evaluation and Certification Scheme (MyCC Scheme) is a systematic process for evaluating and certifying the security functionality of ICT products against defined criteria or standards.
The MyCC Scheme evaluates and certifies the security functionality within ICT products against the following international standards:
- ISO/IEC 15408 (Information technology -- Security techniques -- Evaluation criteria for IT security), also known as Common Criteria (CC); and
- ISO/IEC 18405 (Information technology -- Security techniques -- Methodology for IT security evaluation), also known as Common Evaluation Methodology (CEM).
The Malaysian Common Criteria Certification Body (MyCB) is a department under CyberSecurity Malaysia. Its primary responsibility is carrying out certification and overseeing the day-to-day operation of the MyCC Scheme.
What is the MyCC Scheme's mission?
The MyCC Scheme's mission is "to increase Malaysia's competitiveness in quality assurance of information security based on the Common Criteria (CC) standards and to build consumers' confidence towards Malaysian ICT products."
Who owns the MyCC Scheme?
The MyCC Scheme is owned by CyberSecurity Malaysia.
Are there policies explaining the MyCC framework for CC evaluations?
The Malaysian Certification Body (MyCB) administers the regulations for conducting CC evaluations through the following MyCC Publications:
How can I contact the MyCB?
For more information about the MyCC Scheme, please contact us.
Where can I get training on the MyCC Scheme?
We provide training for any parties interested in the MyCC Scheme. You can view our training calendar here.
What is MyCC Scheme Maintenance of Assurance?
Maintenance of assurance is a voluntary process that leverages a certified TOE baseline as changes are made to the certified TOE. The MyCC Scheme has adopted the CCRA-compliant process for assurance continuity, or maintenance of assurance, in a TOE certified within the MyCC Scheme and in conformance with MyCC Scheme Rules.
This service provides customers with a cost-effective method of maintaining a level of confidence in the security provided by a TOE as it is updated. Details of the MyCC Scheme Maintenance of Assurance service can be found in MyCC_P1: MyCC Scheme Policy.
What is the Common Criteria (CC)?
Common Criteria (CC) was created to harmonise the criteria produced by a number of nations for carrying out security evaluations, including the United States (TCSEC), Europe (ITSEC) and Canada (CTCPEC), into a single set of common criteria.
The CC is now recognised as the ISO (International Organization for Standardization) standard ISO/IEC 15408 (Information technology -- Security techniques -- Evaluation criteria for IT security), and is regarded as the international benchmark for IT security evaluation criteria.
What is the Common Criteria Recognition Arrangement (CCRA) and mutual recognition?
The Common Criteria Recognition Arrangement (CCRA) is a formal international arrangement between a large number of countries. This mutual recognition ensures that certificates issued by the certification body of one member state are recognised by all member states.
This helps vendors cut their costs by having a single product or system evaluation that is recognised by all participating nations. Common Criteria certifications from EAL1 to EAL4 are mutually recognised by all CCRA members. Further information about the CCRA can be found at http://www.commoncriteriaportal.org/theccra.html
Which nations participate in the CCRA?
The CCRA membership includes CC certificate-producing and certificate-consuming nations. All CCRA participants are listed on the CC portal with the name and contact details of each CC scheme, which can be found at http://www.commoncriteriaportal.org/members.html.
What is an Evaluation Assurance Level (EAL)?
Common Criteria (CC) uses the concept of assurance levels, called Evaluation Assurance Levels (EALs). For CC, the levels are EAL1 to EAL7. These levels represent ascending levels of confidence that can be placed in the ICT product meeting its security objectives. The higher the EAL, the greater the degree of rigour applied in assessing whether the ICT product has met its security requirements.
What is Assurance Continuity?
The purpose of Assurance Continuity is to enable developers to provide assured products to the IT consumer community in a timely and efficient manner. The awarding of a Common Criteria evaluation certificate signifies that all necessary evaluation work has been performed to convince the evaluation authority that the TOE meets all the defined assurance requirements as grounds for confidence that an IT product or system meets its security objectives.
Assurance Continuity recognises that as changes are made to a certified TOE or its environment, evaluation work previously performed need not be repeated in all circumstances. Assurance Continuity therefore defines an approach to minimising redundancy in IT Security evaluation, allowing a determination to be made as to whether independent evaluator actions need to be re-performed.
Where can I find more information about CC, CCRA and products that have been certified by other schemes?
The Common Criteria Portal contains current information regarding the official version of the CC, Common Evaluation Methodology (CEM), CCRA, certified products and Protection Profiles, interpretations and other supporting documents.