Details
- Publication date
- 9 January 2025
- Author
- European Union Agency for Cybersecurity
- Type of Documents
- State-of-the-art Documents
- Certification Schemes
- Certification Stakeholders
- CAB
- ICT Solutions
- Hardware, Software and Components
Description
This state-of-the-art document as defined under Article 2 point 14 of Regulation (EU) 2024/482 is a legal supporting document under Implementing Regulation (EU) 2024/482 on establishing the Common Criteria-based cybersecurity certification scheme (EUCC) which provides the overview of requirements related to the accreditation of Certification Bodies (CBs). As mentioned in the EU Cybersecurity Act, the conformity assessments performed in the context of the EUCC shall follow the requirements of the relevant standard that is harmonized under Regulation (EC) No 765/2008 for the accreditation of conformity assessment bodies performing conformity assessment activities for the purpose of cybersecurity certification of ICT Products.
This document specifically covers the accreditation of CBs as defined under Article 2 point 12 of EUCC: ‘certification body’ means a conformity assessment body as defined in Article 2, point (13), of Regulation (EC) No 765/2008, which performs certification activities.
Such certification activities cover in particular:
- The review of the evaluation results and the verification of the evaluation technical report1 in accordance with Article 9 (1) (d) and (e) of EUCC;
- The issuance, renewal and withdrawal of EUCC certificates in accordance with Articles 9 to 14 and 16 to 20 of EUCC;
- Monitoring activities, as defined in Article 26 (1) of EUCC;
- Conformity and compliance activities, as defined in Articles 28 to 31 of EUCC;
- Vulnerability management and disclosure activities, as defined in Articles 35 and 36 of EUCC.
