NASK, representing Poland, has been accepted to the elite group of fully qualified members of the SOG-IS MRA international agreement. This means that the NASK-PIB Certification Body has the right to issue cybersecurity certificates for IT products, recognized in a number of European countries that are signatories to the Mutual Recognition Agreement. The Common Criteria certification confirms that the certified products meet the requirements of this key international cybersecurity standard.
NASK and its specialized unit, NASK-PIB Certification Body since 2017 has been responsible for development and supervision of the ICT certification scheme. Now we have entered a new stage: we became Certificate Authorising Participant to the SOG-IS Agreement (Senior Officials Group Information Systems Security). It’s worth to mention that before that NASK Certification Body has been accredited by Polish Accreditation Center and thoroughly reviewed by SOG-IS auditors from Sweden and Germany.
It is an important milestone in the digital transformation of Poland. This way, the capabilities of Poland in the field of cybersecurity have increased and the domestic developers holding CC certificates for their products will become more competitive and will gain access to new markets and prestigious projects.
In practice, this means that cybersecurity certificates issued for ICT products by NASK will be recognized by most of the countries that are the leading IT markets in the world. Certification is based on the Common Criteria standard, which has been implemented in Europe and Poland as PN‑EN ISO/IEC 15408 standard.
The Common Criteria standard is used to evaluate the security properties of IT products and systems. It lays down security requirements and specifies the scope of documenting security measures. It is used by governments and private organizations around the world to evaluate information technology products security; compliance with the standard is a frequent pre-requisite for co-operation.
“Security and sovereignty of the Polish cyberspace are the pillars of the government strategy and the basis for social and economic growth. We spare no effort and measures to be among global leaders in digital transformation, as manifested by the model functionality of numerous public services. The right to issue international cybersecurity certificates for IT products is a great success for all experts that have been working on the certification system for years and a great opportunity for IT developers who wish to grow their potential,” says Minister Janusz Cieszyński, Government Plenipotentiary for Cybersecurity.
“I am most glad that NASK has become a certification body. Given the growing level of cyberattacks and the increasing requirements for security standards, as confirmed by the recently adopted NIS2 EU Directive, the certificates have not only become an indispensable warranty of quality but also open the door to high-profile projects. Given the digitalization of the increasing sphere of public life, trust and reliability of IT products are of utmost importance,” believes Wojciech Pawlak, NASK Director.
NASK-PIB Certification Body is the only organization in Poland authorized to issue international cybersecurity certificates as part of the SOG-IS agreement, where NASK has represented Poland since 2017. Today, SOG-IS is the association bringing together 17 European countries. Established in 1992 on the basis of the EU Council Decision in the field of security of information systems, the organization has coordinated the policy of mutual recognition of certificates.
“The decision by SOG-IS Management Committee confirms that we are fully ready to issue security certificates on our own. We have already issued the first documents of this kind, have been working on certification of new products, and we are expecting a growing interest in our activities due to the fact that today cybersecurity is at the centre of interest of all informed developers, organizations, services and institutions,” argues Paweł Kostkiewicz, NASK Director for Certification.
The European budget of cybersecurity spending is worth €34 bn a year. Participation in the certification programme increases the potential to access this segment of the market.
Common Criteria Certificates issued by the NASK-National Research Institute under the SOG-IS agreement, are recognized in countries such as Austria, Belgium, Croatia, Denmark, Estonia, Finland, France, Germany, Italy, the Netherlands, Luxembourg, Norway, Slovakia, Spain, Sweden, the United Kingdom and Poland.