※(注記)このページの著作権について

Necessity and Meaning of Information Technology Security Evaluation Based on International Standards

International Standard “ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation” is a technical standard to evaluate whether the information-technology-related products are properly designed and whether the design is correctly implemented from the viewpoint of information security. ISO/IEC 15408 is based on the security evaluation standard developed by the Common Criteria project, which consisted of seven organizations represented by six European countries and the United States. It was certified as ISO/IEC standard in June 1999, and subsequently accredited as JIS X 5070 in July 2000.
With the standard, security functions of IT products can now be systematically evaluated from various viewpoints.

Click the image drawing to see the full-size image.

Roles of IPA as the Certification Body

In April 2001, the Japan Information Technology Security Evaluation and Certification Scheme (JISEC) was established with the purpose of evaluating security functions in IT products.
Various kinds of IT products, including database management, Firewalls, Public Key Infrastructure (PKI), IT systems, IC cards, multi-functional device, digital cameras, etc., have been evaluated and certified under the scheme.

For further information, please visit https://www.ipa.go.jp/security/jisec/jisec_e/index.html and access to “Japan Information Technology Security Evaluation and Certification Scheme (JISEC)” on its top page.

In October 2003, Japan became a participant to Common Criteria Recognition Arrangement (CCRA) which has been operated by 28 countries(as of June 2017) to further enhance the international competitiveness of Japanese IT products.
In April 2004, IPA has started its operation as the Certification Body to conduct information security evaluation and certification.

CCRA
Click the image drawing to see the full-size image.

Top Page