ENISA has published this week an update of the EUCC (Common Criteria based European candidate cybersecurity certification). A scheme that we are deeply proud to be published, since jtsec has actively participated through the Ad Hoc Working Group and the Stakeholders Cybersecurity Certification Group in the creation of the candidate scheme named by ENISA as valid for the certification of ICT products.
At jtsec we are in the process of evaluating a video identification product under the LINCE methodology, , thus being pioneers in evaluating this family of products according to the security requirements established in the regulation that came into force in May 2021.
The Cybersecurity Act aims to achieve this objective by creating a common European framework for the development of common schemes for cybersecurity certification. The Cybersecurity Act or CSA sets out three levels of assurance (basic, substantial and high) that will allow the evaluation of systems, processes and products
Due to the speed at which manufacturers develop their products, on many occasions when certification ends; the product, which continues to evolve and improve, is already in versions later than the certified one, thus creating a gap between versions that the manufacturer is developing and the version that appears in the catalog. In order to solve this problem, the Continuous Qualification Strategy was created.
At jtsec we work to improve the cybersecurity of the products of the most leading companies in the IT sector, therefore, having customers like McAfee and being able to collaborate in the improvement of their cybersecurity, is always a challenge. In addition, we would like to to thank McAfee for its excellent attitude towards cybersecurity by making public the three CVEs (Common Vulnerability Exposure) of its product McAfee Web Gateway found during the evaluation process.
