Skip to main content
  • Supplementary information

Minimum Site Security Requirements

Details

Part of collection
Publication date
31 January 2024
Author
European Union Agency for Cybersecurity
Type of Documents
  • State-of-the-art Documents
Certification Schemes
ICT Solutions
  • Hardware, Software and Components

Description

The Common Evaluation Methodology (CEM) describes in ALC_DVS family what the evaluator has to examine with regard to developer security but does not define the minimum site security requirements (MSSR). The evaluator is responsible to determine an acceptable set of security measures. The purpose of this state-of-the-art document supporting the EUCC scheme is to define a set of minimum requirements that a developer shall meet and that an evaluator is able to verify during any type of evaluation under the EUCC scheme in order to ensure compliance with ALC_DVS.1 and ALC_DVS.2 in a manner consistent with today’s standard practices for evaluations requiring an attack potential associated with AVA_VAN.5. 

The requirements set in this state-of-the-art document are “minimum” in the sense that: 

  • all developers have to implement the controls and related security measures defined in this document;
  • additional requirements could apply to meet the protection needs of the TOE.
EUCC State-of-the-Art

Files

  • 31 JANUARY 2024
Minimum Site Requirements