Supplier information

CSEC - Swedish Certification Body for IT Security

CSEC operates as Sweden`s national certification body for IT Security in products and systems according to the standard Common Criteria, CC. CSEC issues internationally recognised certificates.

Certifies products

Common Criteria

  • Is used to formulate security requirements on IT security
  • Is used for impartial evaluation of IT security
  • Has an international recognition by the leading countries in IT security
  • Is formally standarised as ISO/IEC 15408
  • Is developed in close cooperation between IT security authorities in several countries
  • Is considered mandatory for IT products in critical infrastructures in several countries
  • Is applied in several sectors such as defense, finance, healthcare, transport and communication

What does CSEC do?

  • Operates and administrates rules for evaluation of IT security in products and systems according to the CC
  • License facilities that evaluate IT security in products and systems according to these rules
  • Supervise these facilities and support them in the evaluation process
  • Certifies products used by the Swedish Defense among others
  • Collaborates internationally with other certification bodies and safety authorities
  • Promote better knowledge of CC and why CC should be used as a framework for evaluation IT security products and systems

Certificates may be subject for mutual recognition according CCRA (Common Criteria Recognition Arrangement), EA MLA (The EA Multilateral Agreement), and SOGIS-MRA (Senior Officials Group Information Systems Security - Mutual Recognition Arrangement).

Certificates issued by CSEC

All certified products within CCRA

International CC collaboration - CCRA

CSEC represents Sweden within CCRA as the national certification body and signatory. In these roles CSEC collaborates in the international development of CC, and provides Sweden´s vote when new countries applies for membership in the organisation.

List of members

European collaboration - SOGIS-MRA

CSEC represent Sweden in the European Organisation SOGIS-MRA. The organisation is based on mutual recognition of certificates issued by the member states.

List of members

The Cooperation Group for Information Security - SAMFI

CSEC is a part of SAMFI. This group consists of Swedish authorities with special assignments in the field of Information Security.

SAMFI

The Swedish Board for Accreditation and Conformity Assesment - Swedac

Swedac is a state agency that examines and accredits businesses or organisations based on global standards. In 2008 CSEC was accredited as Sweden's national Certification Body for IT Security in products and systems according to the Common Criteria, CC. Swedac performs regular oversights to ensure that CSEC holds the standard that forms the basis for accreditation.

Swedac

An update of the Swedish scheme has been published and will be valid from the 14th of October 2019. The update has version 1.23. The update contains the following changes:

  • The evaluator has to send a list of supporting documents with the application and evaluation reports.
  • Irrelevant documents are removed as requirements in an application for Certificate Maintenance.
  • Added an EAL4-only clause. A paragraph explaining that it is only allowed to put the cryptographic implementation in the environment at EAL4 and above, or if the implementation is fully evaluated by the evaluation as if it were part of the TOE, is also added.
  • Minor editorial changes are made in several documents.

Changes has been added to the following documents:

SP-001
SP-002
SP-007
SP-188

Links to the documents can be found below.

Current release note

Certification scheme - Scheme Publications

You will find documents with detalied information about rules and processes, and requirements on the different parties in the certification system.

E-post: csec@fmv.se

Publicerad: 2020-02-21