1st Level Security Assessment

Basic Level Security Certification is one of the prominent topics in information technology certification. 1st Level Security Certification is an assessment program aimed at simple, fast and effective security assessment.

The parties to the 1st Level Security Certification are as follows.

  • Certification Body,
  • Evaluation Body (Certby Lab),
  • Product Owner,
  • Product Developer.

The Product Owner and the Product Developer can be the same company or different companies.

The Certification Body prepares the standards, forms, guides and other documents needed to implement 1st Level Security Certification. It determines the evaluation criteria and general methods for 1st Level Security Certification and authorizes the evaluation institutions.

The Evaluation Body is the body authorized by TSE (Certification Body) in technical fields where it has sufficient expertise. It evaluates the products through its technical experts and reports the findings to the Certification Body.

The basic processes of 1st Level Security Certification are as follows.

The 1st Level Security criteria define the minimum level of security requirements that a product or system should have. Evaluation of a product should verify that the product provides the security features specified in the security objective, that all security functions have reached at least the “baseline” level of resistance, and that no vulnerabilities could be exploited during the evaluation.

Evaluation has two main goals:

    1. To determine the conformity of the product with the safety specification,
    2. To determine the effectiveness of the security functions offered by the product.

     

If the core security functions of the product are provided by crypto mechanisms, the evaluation has two additional objectives. In the tests carried out in accordance with the test requirements for crypto modules in TS ISO/IEC 24759, these objectives for the crypto mechanisms of the product are:

    1. To determine compliance with the security requirements for crypto modules in TS ISO/IEC 19790,
    2. To determine that the product implements these mechanisms correctly, according to their definition.

Evaluation is based on the following evidence and studies:

  • Available documentation;
  • Generic vulnerability databases, covering at least the known vulnerabilities that need to be tested;
  • The product itself, installed on a test platform that represents the intended use environment.