General Requirements for Accreditation of ASNITE. Testing Laboratories of Information Technology. (The 10th Edition) October 15, 2007

Transcription

1 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 1/29 (Tentative Translation) Accreditation - Department - TIRP21 ASNITE Test IT Publication Document General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology (The 10th Edition) October 15, 2007 International Accreditation Japan National Institute of Technology and Evaluation

2 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 2/29 - Content - Part 1 General Rules Purpose Scope Normative Reference Definitions... 5 Part 2 General Requirements for Testing Laboratories (Accreditation Scope: Information Technology - Common Criteria Evaluation) General Scope of Management System (ISO/IEC clause 4.1.3) Technical Records (ISO/IEC clause ) Competence and Qualification of Personnel (ISO/IEC clauses h), and 5.2.1) Education / Training of Personnel (ISO/IEC clause 5.2.2) Facility and Environmental Condition (ISO/IEC clauses 4.1.5c) and 5.3) Evaluation Methods (ISO/IEC clause 5.4.1) Non-standard Methods (ISO/IEC clause 5.4.4) Validation of Methods (ISO/IEC clause ) Estimation of Uncertainty of Measurement (ISO/IEC clause 5.4.6) Possession of Equipment (ISO/IEC clause 5.5.1) Maintenance of Equipment (ISO/IEC clause 5.5.2) Measurement Traceability (ISO/IEC clause 5.6) Sampling (ISO/IEC clause 5.7) Handling and Identifying of Evaluation Items (ISO/IEC clause 5.8.2) Handling and Storage of Evaluation Items (ISO/IEC clause 5.8.4) General Requirements for Reporting the Results (ISO/IEC clause ) Evaluation Technical Reports (ISO/IEC clauses , and )...14 Part 3 General Requirements for Testing Laboratories (Accreditation Scope: Information Technology - Cryptographic Module Testing) General Scope of Management System (ISO/IEC clause 4.1.3) Technical Records (ISO/IEC clause ) Competence and Qualification of Personnel (ISO/IEC clauses 4.1.5h) and 5.2.1) Education / Training of Personnel (ISO/IEC clause 5.2.2) Facility and Environmental Condition (ISO/IEC clauses 4.1.5c) and 5.3) Test Methods (ISO/IEC clause 5.4.1) Non-standard Methods (ISO/IEC clause 5.4.4)...19

3 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 3/ Validation of Methods (ISO/IEC clause ) Estimation of Uncertainty of Measurement (ISO/IEC clause 5.4.6) Possession of Equipment (ISO/IEC clause 5.5.1) Maintenance of Equipment (ISO/IEC clause 5.5.2) Measurement Traceability (ISO/IEC clause 5.6) Sampling (ISO/IEC clause 5.7) Handling and Identifying of Test Items (ISO/IEC clause 5.8.2) Handling and Storage of Test Items (ISO/IEC clause 5.8.4) General Requirements for Reporting the Results (ISO/IEC clause ) Test Reports (ISO/IEC clauses , and )...22 Part 4 Miscellaneous Obligations Necessary Procedure for Accreditation Application Periodic Confirmation of Technical Competence Notification of Change Notification of Succession Contract Assessment Notification of Abolishment Suspension of Accreditation Withdrawal of Accreditation Requirements for Handling of Accreditation Symbol...27 Supplementary Provision... 29

4 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 4/29 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology Part 1 General Rules 1.1 Purpose This regulation intends to specify the necessary requirements for the testing laboratory which perform a Common Criteria Evaluation or a Cryptographic Module Testing (hereafter referred to as testing laboratory ) applying for accreditation and for the accredited testing laboratory to maintain its accreditation status in the Accreditation System of National Institute of Technology and Evaluation (hereinafter referred to as ASNITE ) managed by the International Accreditation Japan (hereinafter referred to as accreditation body ) of National Institute of Technology and Evaluation (hereinafter referred to as NITE ). 1.2 Scope This regulation is applied to the testing laboratory which desires to have an accreditation of ASNITE (hereinafter referred to as applicant ) and the testing laboratory accredited for ASNITE (hereinafter referred to as accredited laboratory ) The accreditation scopes of the testing laboratory to which this regulation is applied are as specified in the following table. Accreditation Scope Cf. in Certification Scheme Information Common Criteria Evaluation Evaluation Facility in JISEC (Note 1) Technology Cryptographic Module Testing Testing Laboratory in JCMVP (Note 2) (Note 1) JISEC: Japan Information Technology Security Evaluation and Certification Scheme (Note 2) JCMVP: Japan Cryptographic Module Validation Program The requirements for the accreditation of ASNITE will become clearer when this regulation is read together with the following regulations, issued by Information-technology Promotion Agency, Japan (hereinafter referred to as IPA ); (1) Basic Regulation of Japan Information Technology Security Evaluation and Certification Scheme (CCS-01) (2) Regulation about application procedure for approval of Information Technology Security Evaluation Facility (CCM-03) (3) Basic Regulation of Japan Cryptographic Module Validation Program (JCM-01) (4) Regulation about application procedure for approval of Cryptographic Module Testing Laboratory (CBM-03) 1.3 Normative Reference This regulation refers to the latest version of the following international standards and Japanese Industrial Standards. These international standards may be replaced by the Japanese Industrial Standards provided that they were prepared through translation of those international standards

5 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 5/29 without changing the technical content and the format of the standard formation. (1) ISO/IEC Conformity Assessment-Vocabulary and general principles (2) ISO/IEC General requirements for the competence of testing and calibration laboratories (3) ISO/IEC Guide 43-1 Proficiency testing by interlaboratory comparisons-part 1: Development and operation of proficiency testing schemes (4) ISO/IEC Guide 43-2 Proficiency testing by interlaboratory comparisons-part 2: Selection and use of proficiency testing schemes by laboratory accreditation bodies (5) ISO/IEC Conformity assessment-general requirements for accreditation bodies accrediting conformity assessment bodies (6) ISO/IEC Information technology-security techniques-evaluation criteria for IT security-part 1: Introduction and general model (7) ISO/IEC Information technology-security techniques-evaluation criteria for IT security-part 2: Security functional requirements (8) ISO/IEC Information technology-security techniques-evaluation criteria for IT security -Part 3: Security assurance requirements (9) ISO/IEC Information Technology-Security Techniques- Methodology for IT Security Evaluation (10) ISO/IEC Information technology-security techniques-security requirements for cryptographic modules (11) JIS X 5091 Information Technology - Security Technique - Security Test Requirements for Cryptographic Modules 1.4 Definitions CC Certification Body : means the certification body of IPA which carries out certification for the evaluation of TOE and PP and examination for the evaluation of ST, in accordance with JISEC. CC Certification Body certifies TOE and PP and confirms ST by verifying conformity to IT security evaluation criteria specified in clause based on the evaluation technical report, etc. submitted by the evaluation facility specified in clause CM Certification Body : means the certification body of IPA which certifies the cryptographic module in accordance with JCMVP. CM Certification Body certifies the cryptographic module and examines the result of the cryptographic algorithm testing by verifying conformity to the security requirements for the cryptographic module as specified in clause based on the test reports, etc. submitted by the testing laboratory as specified in clause Evaluation Facility : means the accredited laboratory whose accreditation scope is a common criteria evaluation. The evaluation facility evaluates TOE, PP, etc CM Testing Laboratory : means the accredited laboratory whose accreditation scope is a cryptographic module testing. The CM testing laboratory tests the cryptographic module and the cryptographic algorithm by use of the cryptographic algorithm test tool rented from the CM Certification Body IT Security Evaluation Criteria : are criteria to be used for the common criteria evaluation and

6 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 6/29 mean the following including Interpretation of IT Security Evaluation Criteria as specified in clause (hereinafter referred to as CC ). (1) ISO/IEC , ISO/IEC and ISO/IEC (2) Common Criteria for Information Technology Security Evaluation i) Part 1: Introduction and general model ii) Part 2: security functional requirements iii) Part 3: Security assurance requirements (3) Translated document in clause (2) above published by CC Certification Body. In the case of use of the translated document, if some terms used in the translated document are different from those used in JIS, please refer to the comparison table attached to the translated document Interpretation of IT Security Evaluation Criteria : is an interpretation published by CC Certification Body, which shall be used together with IT security evaluation criteria IT Security Evaluation Method : are methodologies to be used for the common criteria evaluation and mean the following including Interpretation of IT Security Evaluation Method specified in clause (hereinafter referred to as CEM ). (1) ISO/IEC (2) Common Methodology for Information Technology Security Evaluation (3) The translated document in clause (2) above published by CC Certification Body. In the case of use of the translated document, if some terms used in the translated document are different from those used in JIS, please refer to the comparison table attached to the translated document Interpretation of IT Security Evaluation Method : means an interpretation published by CC Certification Body, which shall be used together with IT Security Evaluation Method Sponsor: means the party who applies for the common criteria evaluation and certification based on JISEC Cryptographic module: means the hardware, the software, the firmware and/or the integration of them which has a cryptographic module security function (a cryptographic algorithm having a moving mode) approved by CM Certification Body and performs encryption within the physical cryptographic boundary explicitly predefined Security requirements for cryptographic module: are security requirements for the cryptographic module and its cryptographic algorithm, which mean the followings: (1) ISO/IEC (2) Documents equivalent to those as specified in clause(s) (1) published by CM Certification Body Test requirements for cryptographic module: are test requirements for the cryptographic module and its cryptographic algorithm, which mean the following: (1) Criteria for the test requirements for the cryptographic module specified by ISO and IEC (2) JIS X 5091 (3) Documents equivalent to those as specified in clause(s) (1) and/or (2) published by CM Certification Body Test requirements for cryptographic algorithm: are requirements for the cryptographic algorithm testing carried out as a part of the cryptographic module testing, which mean the

7 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 7/29 documents published by CM Certification Body Operation guidance: means JCMVP operation guidance published by CM Certification Body Verification: means to confirm compliance with the requirements of the regulation by the inspection and the presentation of the proof For the purpose of the regulation, the terms specified in clauses to mentioned above and the appropriate definitions among those specified in ISO/IEC 15408, ISO/IEC 17000, and ISO/IEC shall be applied. Part 2 General Requirements for Testing Laboratories (Accreditation Scope: Information Technology - Common Criteria Evaluation) 2.1 General The accreditation body shall apply appropriate clauses of ISO/IEC to the applicants and the evaluation facilities as general requirements for the accreditation of ASNITE (the accreditation scope: Information Technology - Common Criteria Evaluation) The accreditation Body shall make the regulations specified in the Part 2 herein a policy of applying general requirements based on the regulations in clause Scope of Management System (ISO/IEC clause 4.1.3) The applicants and the evaluation facilities shall identify a scope of the management system in writing (the quality manual, etc.). Particularly the scope subject to accreditation, in the case of the CC version 3, shall be either one among the following (1) through (4). In addition, an accreditation application can not make in the CC version 2.3 or earlier used as the old standard on and after April 1, Moreover, the security component of Security Target Evaluation (Class ASE) is contained in each EAL of the CC version 3. (1) Class APE, EAL 1 and EAL 2 (2) Class APE, EAL 1, EAL 2 and EAL 3 (3) Class APE, EAL 1, EAL 2, EAL 3 and EAL 4 (4) Class APE, EAL 1, EAL 2, EAL 3, EAL 4 and EAL 5 Note: Consult with the accreditation body, when the applicants will make an accreditation application by the CC version 2.3 or earlier by March 31, Technical Records (ISO/IEC clause ) The applicants and the evaluation facilities shall make a retention period of the technical records appropriate, considering the Sponsor s retention period of materials, etc. returned from the evaluation facilities and the procedure for continuing assurance, etc. Note: According to the basic regulation of JISEC (CCS-01), it is the Sponsor s obligation to retain the materials, etc. returned from the evaluation facilities for a necessary period or to have the developer retain them for the same period by the contract, etc., if they belong to the developer. It may be a good practice to retain for 5 years considering the use condition of TOE evaluated in the market.

8 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 8/ Competence and Qualification of Personnel (ISO/IEC clauses h), and 5.2.1) Competence of Technical Management of Applicants and Evaluation Facilities (1) The technical management shall have full responsibility for technical matters of the evaluation. (2) The technical management shall have sufficient technical knowledge for the evaluation and competence of the correct examination of the evaluation results. (3) The technical management shall have the following knowledge and competence of doing the education/training and suitable supervising/direction to the evaluators. i) General requirements for IT security evaluation including preparation of the evaluation technical report ii) Knowledge for CC iii) Knowledge for CEM (4) The manager (the technical manager or his deputy) of the technical management should have the following knowledge or the experience of the development of IT products, etc. or in the field for the evaluation work including ST drawing up for three years or more. It may substitute for the following knowledge or the experience of the development of IT products, etc., to pass the examination for the basic information technology engineers conducted by Japan Information-technology Engineers Examination Center, IPA or the equivalent or better examination (hereinafter referred to as IT engineer examination). i) Computer Science ii) Computer Engineering iii) Computer Security iv) Operating system v) Algorithm and Data Construction vi) Database System vii) Programming Language viii) Computer System Architecture ix) Network (5) The knowledge of (2) through (4) above, the experience, etc. should be the latest Competence and Qualification of Evaluators of Applicants and Evaluation Facilities (1) The evaluators shall have the internal qualification for the evaluation. (2) The evaluators shall have the knowledge specified in clause 2.4.1(3) and the criteria of the internal qualification shall be adequate. (3) The evaluators should have the knowledge or the experience of the development of IT products, etc. or in the field for the evaluation including ST drawing up for one year or more, as specified in clause 2.4.1(4). It may substitute for this knowledge or the development of IT products, etc., to pass the IT engineer examination described in the second clause of (4). (4) The knowledge and the experience, etc. of (2) through (3) above should be the latest Grant of Qualification by CC Certification Body

9 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 9/29 (1) The evaluation facilities shall have good results in the evaluation conducted under supervision of CC Certification Body for the purpose of grant of the evaluators qualification (the trial evaluation), and have one or more evaluators granted the qualification by CC Certification Body. (2) The scope of the qualification grant in (1) mentioned above shall include all of the accreditation scope specified in clause Education / Training of Personnel (ISO/IEC clause 5.2.2) The management of the applicants and the evaluation facilities shall have a policy and procedures for providing the education/training for the personnel including the evaluators. This education/training program shall be adequate for the evaluation work of the applicants and the evaluation facilities The education/training program in clause shall at least focus on the matters specified in clause 2.4.1(3). Also, if necessary for the evaluation work, the education/training for the matters of clause 2.4.1(4) shall be carried out. These education/trainings shall be periodically and deliberately carried out for the evaluator so as to enable to continue a suitable evaluation and to correspond to the latest technology. 2.6 Facility and Environmental Condition (ISO/IEC clauses 4.1.5c) and 5.3) Protection of customer s confidential information and proprietary rights (1) The applicants and the evaluation facilities themselves shall manage at least the following facilities, etc., and have the policy and procedures for protection of its customer s confidential information and proprietary rights; i) Facility for carrying out the evaluation (the evaluation room) ii) Storing place of the confidential information for the evaluation iii) Facility provided with tools for transmittal of the confidential information for the evaluation (FAX, Electronic mail, etc.) Note: ii) and iii) mentioned above may be placed in i) hereinabove, or in the different place from i) hereinabove. In either case, the protection of its customer s confidential information and proprietary rights shall be adequate. (2) The applicants and the evaluation facilities shall have a suitable evaluation room required for evaluation works from the viewpoint of security of the protection of its customer s confidential information and proprietary rights. (3) The policy and procedures for the storing place should include at least the following matters; i) Not to bring out the confidential information for the evaluation, except for the unavoidable case (e.g. the case of carrying out the evaluation at the Sponsor s site, the case of communication with CC Certification Body, etc.). ii) To abolish the confidential information for the evaluation, in an unrecoverable condition, or erase it when it is not needed. If necessary, it shall be surely returned to the Sponsor, etc. (Example) The examples of the abolishment or erasure in unrecoverable condition are the abolishment by a shredder, etc., or dissolution by a paper dissolution treatment device for paper

10 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 10/29 mediums, and initialization or physical destruction for electronic mediums. (4) The applicants and the evaluation facilities shall ensure to protect confidential information in the transmittal route including the sending side and the receiving side in the case of transmitting the confidential information for the evaluation. If the protection is not ensured in the partial or whole transmittal route, the means of protecting the confidential information shall be taken. (Example) The way of the protection in the case of sending/receiving may be to include the confidential information in the attached file instead of including it in the mail text and to encrypt such attached file. (Example) The way of the protection in the case of sending the confidential information by FAX in unavoidable case may be to have the receiver wait for such information in front of the FAX machine in advance by the telephone arrangement before sending. (5) The applicants and the evaluation facilities shall maintain the ethics regulation for protection of sponsor s confidential information and proprietary rights Facility for carrying out Evaluation and its Environmental Condition (1) When the applicants and the evaluation facilities carry out the evaluation in the place other than a permanent facility (e.g. the Sponsor s site, etc.), they shall enable their environment to comply with the general requirement specified in clause 5.3 of ISO/IEC (2) When the applicants and the evaluation facilities carry out the evaluation in the environment with possibility of having an access from an unauthorized party, they shall control the evaluation environment in such a manner that such access can be prohibited during evaluating. The network included in such evaluation environment shall be provided with the control mechanism: for example, isolation from the external network and prohibition of the access to the network from an unauthorized party, at least during evaluating. 2.7 Evaluation Methods (ISO/IEC clause 5.4.1) The applicants and the evaluation facilities shall use CC as the evaluation criteria and CEM as the evaluation methods If CC and CEM are not able to be used for the evaluation of the particular IT products or system as they are, the applicants and the evaluation facilities shall have separate documented procedures that are consistent with the specifications of CC and CEM as appropriate. 2.8 Non-standard Methods (ISO/IEC clause 5.4.4) The guidance documents published by CC Certification Body for application to the common criteria evaluation shall be deemed as standard methods and not fall under the non-standard methods When the applicants and the evaluation facilities adopt the non-standard methods which are not specified in CEM, they shall adopt the one whose adequacy has been confirmed by CC Certification Body based on the Sponsor s agreement without fail, and describe its details in the evaluation technical report. The followings will fall under the non-standard methods; (1) The evaluation methods for the assurance component over EAL 4 of CC Ver. 2 series

11 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 11/29 (2) Change of the standard methods (e.g. combination of standards, application of standards over the scope, change/expansion of standard, etc.) Some matters of the information of ISO/IEC clause Note a) to k) are not applicable to the common criteria evaluation. 2.9 Validation of Methods (ISO/IEC clause ) A few techniques for the determination of the performance of methods of ISO/IEC clause Note 2 such as calibration using reference standards or reference materials may not be applicable to the common criteria evaluation Estimation of Uncertainty of Measurement (ISO/IEC clause 5.4.6) ISO/IEC clause does not apply in the common criteria evaluation Possession of Equipment (ISO/IEC clause 5.5.1) The applicants and the evaluation facilities shall possess the necessary equipment for the evaluation by means of purchase, lease or rental and maintain it so that they can use it at any time. The equipment shall include the software evaluation tool, the test tool and other evaluation instruments to be used by the applicants and the evaluation facilities for the evaluation If the software evaluation tool or test tool is of the software, the applicants and the evaluation facilities shall ensure conformity of the software to ISO/IEC clause When the applicants and the evaluation facilities temporarily use the equipment other than the one permanently managed by the evaluation facilities, including the equipment owned by customers such as the Sponsors, for the evaluation, they shall ensure conformity of the equipment to ISO/IEC clause 5.5 by making an contract with customers, etc. such as the Sponsors. Note: The contract shall have a necessary and sufficient content. For example, when it is necessary to use the equipment owned by the Sponsors again for re-evaluation, it is sufficient to ensure re-creation of the same environment for evaluation as that of the initial evaluation, and it may not be necessary for the contract to require maintenance/storage of the tool used in the initial evaluation Maintenance of Equipment (ISO/IEC clause 5.5.2) The applicants and the evaluation facilities shall maintain the equipment to be used for the evaluation according to the following: (1) Recommendation by the manufacturer (2) Procedures documented by the applicants and the evaluation facilities, if applicable The applicants and the evaluation facilities shall verify the equipment to ensure that the evaluation activity will not be disturbed and integrity of the security function of IT products and systems in the evaluation is not damaged. Note: The verification of the equipment to be used for evaluation is a means to confirm that the difference between the value indicated by the equipment and the known value of measurement

12 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 12/29 corresponding to the equipment is always smaller than the maximum permissible difference defined by standards, statutes or the regulated specification of such equipment. As a result of the verification, it is necessary to judge whether recovering the function for use, adjusting, repairing, or removing from use or disposing Measurement Traceability (ISO/IEC clause 5.6) For the equipment which has significant influence on accuracy or validity of the result of the evaluation, the applicants and the evaluation facilities shall ensure measurement traceability to International System of Units (SI) by having an established calibration plan and performing a proper calibration. This traceability shall also be ensured when the subcontract of the evaluation is made based on ISO/IEC clause 4.5 or when the equipment of the customers is used according to clause The equipment which has significant influence on accuracy or validity of the result of the evaluation herein shall mean the measurement instrument and its reference standard, which are inevitable for ensuring traceability of the result of the evaluator testing (independent testing), to be used for the evaluators testing for the evaluation. Note: The example of the equipment for which secure traceability is required is as follows: (1) The thermometer to be used for the evaluators testing of the smartcard to confirm that the smartcard can endure -200 for usage (2) The standard voltage generation device, etc. to be used for verification of the power meter for DPA (Differential Power Analysis) which is an evaluation tool The applicants and the evaluation facilities shall retain the records which will be evidences of traceability mentioned in clause If possible, they shall prove traceability of the measurement by either of the following records; (1) The calibration certificate issued by National Metrology Institute under CIPM-MRA (Note 1) or the equivalent calibration certificate (Note 2) (2) The calibration certificate with JCSS logo attached (Note 3) or the calibration certificate with JCSS accreditation symbol attached (Note 4) (3) The calibration certificate with ASNITE accreditation symbol attached issued by the calibration laboratory accredited by ASNITE calibration (Note 5) (4) The calibration certificate with the accreditation symbol attached issued by the calibration laboratory accredited by the accreditation body signing ILAC (Note 6) MRA (5) The certificate of certified reference materials issued by reference materials producers accredited by ASNITE-RM (Note 7) (Note 1) CIPM-MRA: MRA (Mutual Recognition Arrangement) of the national metrology standard and the calibration certificate, made between National Metrology Institutes under CIPM (Com te International des Poids et Mesures:) (Note 2) Equivalent calibration certificate: It includes the calibration certificate issued by National Metrology Institute in overseas. In this case, that National Metrology Institute needs to participate in CIPM-MRA in the field of performing the calibration, and to have good results in the key

13 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 13/29 comparison of CIPM, APMP, etc. (the comparison of the metrology standard between the international laboratories of National Metrology Institute). This certificate includes the calibration certificate with ASNITE-NMI (Note 8) accreditation symbol attached. (Note 3) The calibration certificate with JCSS mark attached: This is issued by JCSS (Japan Calibration Service System) registered laboratory. (Note 4) The calibration certificate with JCSS accreditation symbol attached: This is issued by JCSS accredited laboratory. (Note 5) ASNITE calibration: ASNITE Subprogram for Calibration Laboratories (Note 6) ILAC: International Laboratory Accreditation Cooperation (Note 7) ASNITE-RM: ASNITE Subprogram for Reference Materials Producers (Note 8) ASNITE-NMI: ASNITE Subprogram for National Metrology Institute ISO/IEC clause shall not be applicable in the common criteria evaluation Traceability to agreed methods specified in ISO/IEC clause shall be applicable in traceability of the whole evaluation in the common criteria evaluation. In this case, it is interpreted as the evaluation activity shall be traceable to matters stipulated as the evaluation elements in CC and matters stipulated as the evaluators action in CEM. Note: When the evaluation activity was certified by CC Certification Body based on the evaluation of the evaluation facilities and its evaluation result, it is said that it was proved by CC Certification Body that it was traceable to CC and CEM Sampling (ISO/IEC clause 5.7) ISO/IEC clause 5.7 shall not be applicable in the common criteria evaluation Handling and Identifying of Evaluation Items (ISO/IEC clause 5.8.2) The applicants and the evaluation facilities shall protect the evaluation deliverable (including PP, ST, TOE, documents produced by the developers, etc. and hereinafter it has the same meaning.) not to be altered unduly or not to be used by unauthorized parties access The applicants and the evaluation facilities shall maintain the system for identifying the evaluation items so as not to confuse the individual TOE, the evaluation platform and the peripheral equipment and their related records, when they have to evaluate plural TOE s at same time Handling and Storage of Evaluation Items (ISO/IEC clause 5.8.4) The applicants and the evaluation facilities shall have an ownership protection system for the evaluation deliverable. This system shall be sufficient for the protection of the entity (eg. person, party, system) whose ownerships belong to the Sponsors (e.g. the hardware, the software, the evaluation data, the documents and records by the paper or electronic medium, the other materials, etc.) The system mentioned in clause shall be to protect the items whose ownerships belong to the Sponsors, etc. from visitors to the applicants or the evaluation facilities and the relevant personnel without any necessity of having the related information or any authorization.

14 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 14/ When TOE or a part thereof consists of the software, the applicants and the evaluation facilities shall have a configuration management system, adequately manage the system and ensure its adequacy so that the part of the software may not be altered carelessly or unduly General Requirements for Reporting the Results (ISO/IEC clause ) In the common criteria evaluation, the evaluation technical report shall fall under the test reports of ISO/IEC clause The format of the evaluation technical report shall be determined by the applicants and the evaluation facilities, and shall be the one notified to the accreditation body The applicants and the evaluation facilities shall publish the evaluation technical report for the evaluation carried out. The evaluation technical report to be submitted to the Sponsors shall satisfy the necessary matters in the contract with the Sponsors and requirements of this document. The applicants and the evaluation facilities shall be able to submit the proofs supporting the results of the evaluation When the result of the evaluation outside of the accreditation scope (e.g. the evaluation for the assurance component over EAL 5 of CC Ver.2) is included in the evaluation technical report with the accreditation symbol attached, it shall be identified that this evaluation result is a result of the evaluation outside of the accreditation scope Evaluation Technical Reports (ISO/IEC clauses , and ) The applicants and the evaluation facilities shall notify the accreditation body of the person who has responsibility of issue (approval) of the evaluation technical report. The responsible person for issue of the evaluation technical report shall sign or seal the persons name on the evaluation technical report. Also, considering absence of the responsible person for the issue of the evaluation technical report, the deputy shall be designated (Please refer to ISO/IEC clause Note) For the date of the evaluation of TOE, etc., all of the dates for evaluation (or period is allowed) or the final date of the evaluation period shall be entered Multiple copies of the evaluation technical report may be issued for one TOE, etc. In this case, each report needs its unique identification. Duplicate of the report shall be in accordance with the regulation specified in clause (2) ISO/IEC clause shall not apply to the common criteria evaluation. Part 3 General Requirements for Testing Laboratories (Accreditation Scope: Information Technology - Cryptographic Module Testing) 3.1 General The accreditation body shall apply the relevant provisions of ISO/IEC to the applicants and the CM testing laboratories as general requirements for the accreditation of ASNITE (the accreditation scope: Information Technology - Cryptographic Module Testing) The accreditation body shall take the regulations in the part 3 as the application policy of

15 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 15/29 general requirements based on the regulations specified in clause Scope of Management System (ISO/IEC clause 4.1.3) The applicants and the CM testing laboratories shall identify the scope in writing (the quality manual, etc.). Particularly for the scope subject to accreditation, they shall identify the type of the test service (the cryptographic module testing, the cryptographic algorithm testing and the test procedures thereof) to handle and the type of the cryptographic module to handle. 3.3 Technical Records (ISO/IEC clause ) The applicants and the CM testing laboratories shall make the retention period of the technical records adequate, considering the customers retention period of the materials, etc. returned from the CM testing laboratories and the retention period requested by the customers. Note: It may be one of the good practices to retain for 5 years after considering the use condition of the cryptographic module tested in the market The applicants and the CM testing laboratories shall determine the retention period of at least the following technical records and retain them: (1) The records of the version and the update of the software (2) The records for the test method and the test data i) The records for the policy and the condition of test ii) Conformity/non-conformity of the cryptographic module submitted for test to the cryptographic module security requirements iii) The comprehensive records for traceability of the test items and the test activity iv) The copy of the test data (if appropriate, including the drawing, the test suite of the cryptographic algorithm, the photograph, the image, etc.) and the copy of the formal test reports v) The telecommunication files including the question from the CM testing laboratories to CM Certification Body and the answer thereof (3) The reference standard, the test equipment and the testing instruments and the records of calibration or verification thereof i) The name and its supplemental explanation ii) The type, the form, the serial number, and the other identification iii) The name of the manufacturer iv) The receiving date and the date of starting operation v) The present location of installation (if appropriate) vi) The status at the time of receiving (a new product, a secondhand product, a repaired product, etc.) vii) The copy of the instruction by the manufacturer, (if available) viii) Traceability of the measurement and the reason thereof (the calibration certificate) ix) The scope of the calibration or the verification x) Resolution and permissible error xi) The effective period of the calibration or the verification

16 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 16/29 xii) Matters for the maintenance carried out up to now and planned from now on xiii) The history of damages, malfunctions, changes or repairs xiv) The problems for the test equipment, the test device or the test system in combination thereof, the records showing the fact that these were taken off from the test, the records showing correction or resolution of the problems, etc. xv) Identification of the personnel of the CM testing laboratories or the external contractors in charge of the calibration or the verification, 3.4 Competence and Qualification of Personnel (ISO/IEC clauses 4.1.5h) and 5.2.1) Competence of Technical Management of Applicants and CM Testing Laboratories (1) The technical management shall have full responsibility for technical matters of the test. (2) The technical management shall have sufficient technical knowledge for the test and competence of the correct evaluation of the test results. (3) The technical management shall have the following knowledge and competence of doing the education/training and suitable supervising/direction to the testing personnel. i) General requirements for the cryptographic module testing including preparation of the test reports using the tool rented from CM Certification Body for the purpose of supporting preparation of the cryptographic module test reports ii) Knowledge for the cryptographic module security requirements iii) Knowledge for the cryptographic module test requirements iv) Knowledge for the cryptographic algorithm test requirements v) Knowledge for the operation guidance (4) The manager (the technical manager or the deputy) of the technical management should have the following knowledge and the experience in the field for the test for two years or more. i) Hardware platform (in the case of the software base cryptographic algorithm) ii) Measurement of the voltage and the temperature in EFP/EFT (environmental fault protection/environmental fault test) iii) Computer security iv) Analysis of FSM (Finite State Machine) model v) Alteration prevention and alteration detection technique vi) Software design specification of the high-grade program language and the form model vii) Cryptographic self test technology viii) Cryptographic algorithm and cryptograph related technical knowledge for the cryptographic module security requirements (including handling of the tool rented from CM Certification Body for the purpose of performing the cryptographic algorithm testing) ix) Operating system x) IT security evaluation criteria and common methodology for IT security evaluation xi) Handling and maintenance of the tool rented from CM Certification Body for the purpose of supporting production of the cryptographic module test reports xii) Internet and network

17 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 17/29 (5) The knowledge of (2) through (4) above and the experience should be the latest Competence and Qualification of Personnel for the Test of Applicants and CM Testing Laboratories (1) The personnel for the test shall have the internal qualification for the test. (2) The personnel for the test shall have the knowledge specified in clause 3.4.1(3) and the criteria of the internal qualification shall be adequate. (3) The personnel for the test should have the knowledge specified in clause 3.4.1(4) and the experience in the field for the test for one year or more. (4) The knowledge of (2) through (3) above and the experience, etc. should be the latest. 3.5 Education / Training of Personnel (ISO/IEC clause 5.2.2) The management of the applicants and the CM testing laboratories shall have the policy and procedures for providing the education/training for the personnel including the personnel for the test. This education/training program shall be adequate for the test work of the applicants and the CM testing laboratories The education/training program in clause shall at least focus on the matters of clause 3.4.1(3). Also, if necessary for the test work, the education/training for the matters of clause 3.4.1(4) shall be carried out. These education/trainings shall be periodically and deliberately carried out to the personnel for the test so as to enable to continue a suitable test and to correspond to the latest technology. 3.6 Facility and Environmental Condition (ISO/IEC clauses 4.1.5c) and 5.3) Protection of customer s confidential information and proprietary rights (1) The applicants and the CM testing laboratories themselves shall manage at least the following facilities, etc. and have the policy and procedures for protection of customer s confidential information and proprietary rights: i) Facility for carrying out the test (the testing room) ii) Storing place of the confidential information for the test iii) Facility provided with tools for transmittal of the confidential information for the test (FAX, Electronic mail, etc.) Note: ii) and iii) mentioned above may be placed in i) hereinabove, or in the different place from i) hereinabove. In either case, the protection of its customer s confidential information and proprietary rights shall be adequate. (2) The applicants and the CM testing laboratories shall have a suitable the testing room required for test works from the viewpoint of security of the protection of its customer s confidential information and proprietary rights. (3) The policy and procedures for the storing place should include at least the following matters; i) Not to bring out the confidential information for the test, except for the unavoidable case (e.g. the case of carrying out the test at the customer s site, the case of communication with CM Certification Body, etc.).

18 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 18/29 ii) To abolish the confidential information for the test, in an unrecoverable condition, or erase it when it is not needed. If necessary, it shall be surely returned to the Sponsor, etc. (Example) The examples of the abolishment or erasure in unrecoverable condition are the abolishment by a shredder, etc., or dissolution by a paper dissolution treatment device for paper mediums, and initialization or physical destruction for electronic mediums. (4) The applicants and the CM testing laboratories shall ensure to protect confidential information in the transmittal route including the sending side and the receiving side in the case of transmitting the confidential information for the test. If the protection is not ensured in the partial or whole transmittal route, the means of protecting the confidential information shall be taken. (Example) The way of the protection in the case of sending/receiving may be to include the confidential information in the attached file instead of including it in the mail text and to encrypt such attached file. (Example) The way of the protection in the case of sending the confidential information by FAX in unavoidable case may be to have the receiver wait for such information in front of the FAX machine in advance by the telephone arrangement before sending. (5) The applicants and the CM testing laboratories shall maintain the ethics regulation for protection of customer s confidential information and proprietary rights Facility for carrying out Test and its Environmental Condition (1) The applicants and the CM testing laboratories shall maintain at least the following facilities as a testing environment: i) Environment for using the electronic mail satisfying the conditions of clause 3.6.1(1) iii) ii) Environment for use of internet (for access to the information for the test and the list of certified products, sent by CM Certification Body) (2) When the applicants and the CM testing laboratories carry out the test in the place other than their permanent facility (e.g. the customer s site, etc.), they shall enable its environment to comply with the general requirement of ISO/IEC clause 5.3. (3) When the applicants and the CM testing laboratories carry out the test in the environment with possibility of having an access from unauthorized parties, they shall control the testing environment in such a manner that such access can be prohibited during the test. The network included in such evaluation testing environment shall be provided with the control mechanism such that isolation of it from the external network or prohibition of the access to the network from unauthorized parties, at least during the test. 3.7 Test Methods (ISO/IEC clause 5.4.1) The applicants and the CM testing laboratories shall use the cryptographic module testing requirements, the cryptographic algorithm testing requirements and the operation guidance as test methods If necessary, the applicants and the CM testing laboratories shall have separate documented procedures that are consistent with the specifications of test methods.

19 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 19/ Non-standard Methods (ISO/IEC clause 5.4.4) The guidance documents published by CM Certification Body for application to the cryptographic module testing shall be deemed as standard methods and not fall under the non-standard methods When the applicants and the CM testing laboratories adopt the non-standard methods which are not specified in accordance with the methods specified in clause 3.7.1, they shall adopt it based on the customer s agreement without fail, and describe its details in the test reports Some matters of the information of ISO/IEC clause Note a) to k) do not apply to the cryptographic module testing/certification. 3.9 Validation of Methods (ISO/IEC clause ) A few techniques fr the determination of the performance of methods of ISO/IEC clause Note 2 such as calibration using reference standards or reference materials may not be applicable to cryptographic module testing Estimation of Uncertainty of Measurement (ISO/IEC clause 5.4.6) ISO/IEC clause shall not apply to the cryptographic module testing Possession of Equipment (ISO/IEC clause 5.5.1) The applicants and the CM testing laboratories shall possess the necessary equipment for the cryptographic module testing by means of purchase, lease or rental and maintain it so that they can use it at any time. This equipment shall include the following equipment to be used by the applicants and the CM testing laboratories for the cryptographic module testing. (1) Standard working table (2) Hardware (3) Software (4) Tool for the physical test of security (5) Power source (of variable voltage) (6) Temperature chamber (7) Electric measuring instrument (e.g. the ohm meter, the voltage meter, the power meter, the oscilloscope, the logic analyzer, the thermometer of the temperature chamber, etc.) (8) Tool rented from CM Certification Body for the purpose of the cryptographic algorithm testing (9) Tool rented from CM Certification Body for the purpose of supporting production of the cryptographic module test reports (10) Other testing machinery device (e.g. the testing equipment and the measurement equipment for the physical testing) If the software evaluation tool or test tool is of software, the applicants and the CM testing laboratories shall secure conformity of the said software to ISO/IEC clause The tools in (8) and (9) mentioned above are herein deemed to have been confirmed to have adequate conformity by CM Certification Body within the scope of the design.

20 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 20/ When the applicants and the CM testing laboratories temporarily use the equipment other than the one permanently managed by the CM testing laboratories, including the equipment owned by customers, for the cryptographic module testing, they shall ensure conformity of the equipment to ISO/IEC clause 5.5 by making an contract with customers. Note: The contract shall have a necessary and sufficient content. For example, when it is necessary to use the tool owned by the customers again for re-testing, it is sufficient to ensure re-creation of the same testing environment as that of the initial testing, and it may not be necessary for the contract to require maintenance/storage of the tool used in the initial testing Maintenance of Equipment (ISO/IEC clause 5.5.2) The applicants and the CM testing laboratories shall maintain the equipment to be used for the cryptographic module testing according to the following matters: (1) For tools rented from CM Certification Body, requirements of CM Certification Body (2) Recommendation of the manufacturer (3) Procedures documented by the applicants and the CM testing laboratories, if possible The applicants and the CM testing laboratories shall verify the equipment to ensure that the testing activity will not be disturbed and integrity of the cryptographic module function in the test is not damaged in every respect. Note: The verification of the equipment to be used for the cryptographic module testing is a means for confirmation of that the difference between the value indicated by the equipment and the known value of the measurement corresponding to the equipment is always smaller than the maximum permissible difference defined by standards, statutes or the regulated specification of such equipment. As a result of verification, it is necessary to judge whether recovering the function for use, adjusting, repairing, or removing from use or disposing Measurement Traceability (ISO/IEC clause 5.6) For the equipment which has significant influence on accuracy or validity of the result of the cryptographic module testing, the applicants and the CM testing laboratories shall ensure measurement traceability to International System of Units (SI) by having an established calibration plan and performing a proper calibration. This traceability shall also be ensured when the subcontract of the cryptographic module testing is made based on ISO/IEC clause 4.5 or when the equipment of the customers is used according to the provision in clause The equipment which has significant influence on accuracy or validity of the result of the cryptographic module testing herein shall mean the measurement instrument and its reference standard, which are inevitable for ensuring traceability of the result of the test, to be used for the cryptographic module testing. Note: The example of the equipment needing to secure traceability is the electric measuring instruments in clause (7) mentioned above The applicants and the CM testing laboratories shall retain the records which will be proofs of

21 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 21/29 traceability mentioned in clause If possible, they shall prove traceability of the measurement by either of the following records (for the explanation of Note 1 through Note 7, please refer to clause ): (1) The calibration certificate issued by National Metrology Institute under CIPM-MRA (Note 1) or the equivalent calibration certificate (Note 2) (2) The calibration certificate with JCSS logo attached (Note 3) or the calibration certificate with JCSS accreditation symbol attached (Note 4) (3) The calibration certificate with ASNITE accreditation symbol attached issued by the calibration laboratory accredited by ASNITE calibration (Note 5) (4) The calibration certificate with the accreditation symbol attached issued by the calibration laboratory accredited by the accreditation body signing ILAC (Note 6) MRA (5) The certificate of certified reference materials issued by reference materials producers accredited by ASNITE (Note 7) ISO/IEC clause does not apply to the cryptographic module testing Traceability to agreed methods specified in ISO/IEC clause shall be applicable to traceability of the whole cryptographic module testing. In this case, the agreed methods mean the cryptographic module testing requirements and the cryptographic algorithm testing requirements. Note: The cryptographic module testing carried out by the CM testing laboratories is said to be proved by CM Certification Body to be traceable to the cryptographic module testing (and the cryptographic algorithm testing), when it is certified by CM Certification Body based on the result of such the test Sampling (ISO/IEC clause 5.7) ISO/IEC clause 5.7 does not apply to the cryptographic module testing Handling and Identifying of Test Items (ISO/IEC clause 5.8.2) The applicants and the CM testing laboratories shall protect the test items so as not to be altered unduly or not to be used by unauthorized parties access The applicants and the CM testing laboratories shall maintain the system for identifying the test items so as not to confuse the test items, the testing platform and the peripheral equipment and their related records Handling and Storage of Test Items (ISO/IEC clause 5.8.4) The applicants and the CM testing laboratories shall have an ownership protection system for the test items. This system shall be sufficient for the protection of the items whose ownerships belong to the customers (e.g. the hardware, the software, the test data, the documents and records by the paper or electronic medium, the other materials, etc.) The system mentioned in clause shall be capable of protecting the items whose ownerships belong to the customers from visitors to the applicants or the CM testing laboratories,

22 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 22/29 the relevant personnel without any necessity of having the related information and unauthorized parties When the cryptographic module or a part thereof consists of the software, the applicants and the CM testing laboratories shall have a configuration management system, adequately manage the system and ensure its adequacy so that the part of the software may not be altered carelessly or unduly General Requirements for Reporting the Results (ISO/IEC clause ) The format of the test reports shall be determined by the applicants and the CM testing laboratories, and shall be the one notified to the accreditation body The applicants and the CM testing laboratories shall publish the test reports for the test work carried out. The test reports to be submitted to CM Certification Body shall be prepared by use of the tools rented from CM Certification Body for the purpose of supporting production of the cryptographic module test reports and it shall be the one approved by JCMVP. Also, the test reports to be submitted to the customers shall satisfy the matters required in the contract with the customers and the requirements of this document. The applicants and the CM testing laboratories shall be able to submit the evidences supporting the results of the cryptographic module testing When the result of the cryptographic module testing outside of the accreditation scope is included in the test reports with the accreditation symbol attached, it shall be clearly identified that this test results are results of the cryptographic module testing outside of the accreditation scope Test Reports (ISO/IEC clauses , and ) The applicants and the CM testing laboratories shall notify the accreditation body of the person who has responsibility of issue (approval) of the test reports. The responsible person for issue of the test reports shall sign or seal the name on the test reports. Also, considering absence of the responsible person for the issue of the test reports, the deputy shall be designated (Please refer to ISO/IEC clause Note) For the date of the cryptographic module testing, all of the dates for the test (or the period is allowed) or the final date of the testing period shall be entered Multiple copies of the test reports may be issued for one cryptographic module testing. In this case, each report needs its unique identification. Duplicate of the report shall be in accordance with the provisions specified in clause (2) ISO/IEC clause does not apply to the cryptographic module testing. Part 4 Miscellaneous 4.1 Obligations The applicants and the accredited laboratory shall abide by the following matters: (1) To always comply with the relevant clauses of ISO/IEC (2) To comply with requirements determined by the accreditation body based on the relevant

23 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 23/29 clauses of ISO/IEC (including the payment of the fee determined by the accreditation body). (3) To claim only with respect to the evaluation/test works within the accredited scope in the case of referring to having been accredited. (4) Not to quote its accreditation in such a manner as to bring the accreditation body into disrepute and also not to make any statement of the accreditation for which the accreditation body judges as it may lead to misunderstanding or for activities the accreditation body does not grant the accreditation. (5) To immediately stop using the publications including reference to the accreditation, in the case of temporary suspension of the accreditation or withdraw thereof. (6) To quickly return the accreditation certificate to the accreditation body, in the case of suspension of the accreditation or cancellation thereof. (7) Not to use the accreditation in such a manner as to lead misunderstandings that the quality of the products have been guaranteed by the accreditation body. (8) To make efforts so that the evaluation technical report or the test report or a part thereof be used in a manner of giving misunderstandings. (9) To follow the regulations specified by the accreditation body for the way of quoting the accreditation symbol and the accreditation in the evaluation technical report or the test report, and quoting the accreditation in the media like advertising publications, pamphlets, other documents, etc. (10) To provide necessary accommodation and cooperation in the assessment and the contract assessment carried out by the accreditation body to confirm conformity to the accreditation requirements, and in the assessment of documents, access to the whole area for the accredited evaluation/test works, review of the records, interviewing with the personnel, etc. for the purpose of the resolution of complaints. (11) To complete actions of changing the necessary procedures for complying with the new requirements within the adequate period upon receiving the notice of changes of the accreditation requirements from the accreditation body, and notify the accreditation body of the completion of actions The applicant shall sign and seal its name on the format For Confirmation of General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology and submit it to the accreditation body together with the application documents at the time of application. 4.2 Necessary Procedure for Accreditation Application The applicant shall go through the following procedures in accreditation application. (1) To prepare and submit the accreditation application and the attachment documents (the documents listed in the guide for accreditation application, etc. separately specified). (2) To submit the quality manual and its attachment documents, if required. (3) To accept the on-site assessment (access to the whole area for the accredited evaluation/test works, assessment of the documents, review of the records, interviewing with the personnel, etc.)

24 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 24/29 carried out for confirming conformity to requirements of the accreditation. (4) To improve the matters pointed out as non-conformity to requirements of the accreditation, and report results thereof. (5) To submit the request for suspension of accreditation process to the accreditation body if it becomes necessary to suspend the accreditation application procedure due to the convenience of the applicant during the accreditation application process. (6) To submit the request for discontinuation of the accreditation processto the accreditation body if it becomes necessary to withdraw accreditation application due to the convenience of the applicant during the accreditation application process. (7) To submit the request for correction of accreditation application to the accreditation body if it becomes necessary to correct accreditation application due to the convenience of the applicant during the accreditation application process. 4.3 Periodic Confirmation of Technical Competence When the accreditation body requires a proficiency testing conforming to ISO/IEC Guide 43, the applicants and the accredited laboratory shall undergo any one of the following proficiency testing for each accreditation scopes: (1) The proficiency testing carried out by the accreditation body itself (2) The proficiency testing carried out by the international body for the accreditation such as Asian Pacific Laboratory Accreditation Cooperation (APLAC) (3) The proficiency testing carried out or approved by the accreditation body signing International Laboratory Accreditation Cooperation (ILAC)/MRA, APLAC/MRA (4) The proficiency testing approved by the accreditation body, for National Agency, IPA, National Institute of Advanced Industrial Science and Technology, the workshop for IT Security Evaluation, etc., the well-known foreign agency or the academic conferences, etc. (5) The proficiency testing by which the applicant or the accredited laboratory itself can prove its technical competence for each accreditation scope and which was approved by the accreditation body in advance. 4.4 Notification of Change When changes of the laboratory status or the operation occur and they fall under any of the following, the accredited laboratory shall submit the notification of accreditation change to the accreditation body within about 30 days after such changes occur: (1) In the case where the name or address of the accredited laboratory was changed. The change of the address includes the change of the location of premises (movement of the accredited laboratory) and the change of the address denotation (2) In the case where the documents specifying the matters for the way of performing the accredited evaluation/test works (including the procedures and the quality manual) were changed (3) In the case where the equipment to be used for the accredited evaluation/test works, the facility, the organization and the employees were changed

25 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 25/29 (4) In the case where the security assurance components of the accredited scope in the accreditation scope of common criteria evaluation were changed (provided that it shall be reapplication, for increasing the figures of EAL). 4.5 Notification of Succession When the accredited laboratory assigns all of their accredited evaluation/test works or it is merged, the incorporation to which all of the works are assigned or the incorporation after merger may succeed the status of the accredited laboratory The party who succeeded the status of the accredited laboratory as in clause shall go though the following procedures in addition to the notification of changes in clause 4.4; (1) The incorporation which succeeded the status of the accredited laboratory by taking over all of the works shall submit the notification of accreditation assignment. (2) The incorporation which succeeded the status of the accredited laboratory by the merger shall submit the notification of accreditation succession. 4.6 Contract Assessment The accredited laboratory shall accept the contract assessment carried out by the accreditation body for confirmation of continuing conformity to accreditation requirements. There are a periodical assessment (periodic partial surveillance and re-assessment) and an extraordinary assessment in the contract assessment The accreditation body shall perform the first periodical partial surveillance in principle within one year after the accreditation. The partial surveillance shall be made for the following matters out of all requirements of ISO/IEC (1) Confirmation of improvement condition of non-conformity matters (including the matters to be observed) in the initial accreditation assessment (2) Changes after the initial accreditation assessment (3) Confirmation of conformity of the management system such as the management review, the implementing situation of the internal audit, etc The re-assessment (all clauses assessment) by the accreditation body shall be carried out for all clauses of ISO/IEC requirements. The re-assessment shall be carried out within three years after the day of initial accreditation and within four years after the day of initial accreditation. Thereafter, it shall be carried out in principle within two years after the day of the previous the re-assessment The accreditation body may carry out the extraordinary assessment of the accredited laboratory if the following matters occur or are likely to occur to the accredited laboratory and the quality manager or the measuring committee of the accreditation body approves its necessity: (1) In having significant complaints or the other situations, the acute question is shown for conformity to accreditation criteria, or the quality of the evaluation or the cryptographic module testing.

26 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 26/29 (2) There were changes affecting the technical competence such as changes of the technical management, the retirement of the chief evaluator, etc. (3) There was the accreditation succession. (4) The result of the proficiency testing showed the question for the technical competence as the accredited laboratory 4.7 Notification of Abolishment When the accredited laboratory withdraws all or part of its work or reduces its scope of work, it shall notify the accreditation body of the withdraw of its accreditation together with the accreditation certificate thereof within about 30 days after the abolishment, etc. 4.8 Suspension of Accreditation The accreditation shall be suspended if applicable to any of the following matters. If the accreditation of the testing laboratory is suspended, the fact shall be published by the accreditation body. (1) In the case when as a result of the contract assessment, the significant non-conformity was found and the evaluation committee evaluates to determine the suspension of the accreditation (for example, the suspension of the accreditation is determined, when it is recognized to need about 30 days or more for improvement of non-conformity, or when it is necessary to investigate the influence ascending to the past by the reason of the significant errors in the issued evaluation technical report, etc.). (2) In the case when the result of the proficiency testing has showed the question for the technical competence as the accredited laboratory. 4.9 Withdrawal of Accreditation The accreditation shall be cancelled if applicable to any of the following matters. If the accreditation of the testing laboratory is withdrawn, the fact shall be published by the accreditation body. Also, the accreditation certificate shall be returned. (1) In the case where accredited laboratory did not undergo the contract assessment defined by the clause 4.6 or the proficiency testing defined by the clause 4.3; (2) In the case where the expense of the contract assessment defined by the clause 4.6 or the proficiency testing defined by the clause 4.3 is not paid by the accredited laboratory (3) In the case where it is found that the evaluation technical report or test report with the accreditation symbol attached is issued of which activities are out of the accreditation scope (provided that this is not applicable if it is clearly identified in the report that the result is outside of the accreditation scope.). (4) In the case where it is found that there is no technical competence as a result of the contract assessment or the proficiency testing. (5) In the case when it is found that the evaluation/test works had been carried out in deviating very much from this requirement. (6) In the case when it has been repeatedly required to improve the same findings as being

27 TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 27/29 required in the past in the contract assessment, etc. (7) In the case when it is found to have been accredited by the illegal means Requirements for Handling of Accreditation Symbol The accreditation body shall apply to the applicant and the accredited laboratory requirements specified in clause through for the method of use of the accreditation symbol and the handling of use limitation thereof. The applicant and the accredited laboratory shall comply with all of those requirements Policy (1) When the accredited laboratory carries out the evaluation or the cryptographic module testing within the accreditation scope, it may issue the evaluation technical report or the test report with the accreditation symbol attached. (2) In using the accreditation symbol (the one specified in clause ) having the ILAC-MRA mark, ILAC laboratory combination MRA mark sublicense agreement shall be submitted in advance. (3) Except for the case specified in this requirement, no one shall attach the accreditation symbol or the confusing mark thereof to the evaluation technical report or the test report Accreditation Symbol (1) The shape of the accreditation symbol shall be as follows. (2) The color of the accreditation symbol shall be equivalent to the following or same in the whole symbol in principle. (3) Indicate the accreditation number of each accredited laboratories in the portion of "ASNITE XXXX" among the accreditation symbol. Leave the space more than a half-width character between "ASNITE" and "XXXX". (4) Indicate the identification mark "T" of testing laboratories as "addition information on the accreditation symbol" in the portion of "OO" on the right of "ASNITE XXXX". Ask the accreditation body about the identification mark of the accredited organization which has received two or more accreditation. ASNITE XXXX OO Operation for use of Accreditation Symbol (1) Format of Report If the applicant and the accredited laboratory issue the evaluation technical report or the test report with the accreditation symbol attached, they shall notify the accreditation body of the format in