Qatar Common Criteria Scheme (QCCS)
The Common Criteria (CC) is an international set of guidelines and specifications defining a framework for IT security evaluation and certification. It provides assurance that IT products meet standard security requirements for government or specific market deployments through formal recognition that certify a product as it meets Information Assurance (IA) requirements.
Detailed information on what the Common Criteria is, and its guiding documentation, can be obtained from the Common Criteria website.
Qatar government has recognized the need for excellence in the certification services it provides through Qatar Common Criteria Scheme Certification Body under National Cyber Governance and Assurance Affairs within National Cyber Security Agency (NCSA).
Qatar Common Criteria Scheme QCCS has been recognized by Common Criteria Recognition Arrangement (CCRA) as a Certificate Consuming Member in 2015, and became an Authorizing Member in 2023. An important distinction is that certificates provided by Authorizing Members are recognized internationally, while certificates from Consuming Members are recognized nationally.
National Cyber Security Agency (NCSA) is the owner of the Qatar Common Criteria Scheme. The Scheme Director, also the Director of National Cyber Governance and Assurance Affairs has authority for the strategic management and oversight of the QCCS CB.
The scheme provides a model for recognition or licensing (government and commercial) Evaluation Bodies (EBs) to conduct security evaluations of ICT products, systems and protection profiles against internationally recognized standards; Common Criteria (ISO/IEC 15408) and Common Evaluation Methodology (ISO/IEC 18045).
QCCS CB delivers the following additional supporting services:
- Engagement with CCRA member countries and participation in the development and maintenance of the CCRA, ISO/IEC 15408, ISO/IEC 18045 on behalf of the Qatar Government;
- Provision of support to third party assessors for the purpose of assessing compliance of:
- the Common Criteria Scheme with CCRA requirements (Voluntary periodic assessment),
- accreditation of Evaluation Bodies (EBs) to against ISO/IEC 17025;
- Provision of Training and Development for Certifiers, and interested customers;
- Management of Scheme publications including the QCCS Certified Products Register that lists scheme certified products
QCCS Recognized Evaluation Bodies
An Evaluation Body (EB or EBs) is either a commercial or governmental evaluation facility licensed by QCCS, and accredited (ISO/IEC 17025) by an accreditation body under ILAC and MRA, to conduct evaluations under the QCCS. The EB Recognition Procedure will be applied when licensing an EB.
Below is the list of QCCS recognized labs:
Evaluation Body | Address & Contact Details | Contact Person |
TUV Informationstechnik GmbH (TÜViT) | Am TÜV 1, 45307 Essen, Germany Phone: +49-201-8999-639 Fax : +49 201 8999-666 Email : securitylab@tuvit.de | Marc Le Guin |
BEAM Teknoloji A.Ş. | ODTÜ Teknokent Galyum Binası Zemin, Kat No: 1 06800 Çankaya Ankara/TÜRKİYE Phone: +90 (312) 210-1224 | Mehmet Çakır |
National Testing and Vetting Laboratory (NTVL)
Note: Capabilities up to EAL2+ | National Cyber Security Agency(NCSA), Phone: +974 2362220 | Jassim Al Muftah |
TUBITAK BILGEM OKTEM Laboratory | TÜBİTAK BİLGEM Barış Mh. Dr. Zeki Acar Cd. No:1 Gebze 41470 KOCAELİ/TÜRKİYE Phone: +90 262 675 2374 Fax: +90 262 648 1100 Email:oktem@tubitak.gov.tr yasir.bulut@tubitak.gov.tr | Yasir Emre BULUT |
| Atsec Information Security srl https://www.atsec.com | Via di Santa Croce in Gerusalemme, 63 - 00185 ROME – ITALY Phone: +39 0685383839 Email: atsec-it-adm@atsec.com
| Garibaldi Conte |
Below is the list of QCCS certified products:
Evaluation Details | Product Details | Related Information |
Evaluation Body Developer/Sponsor Contact E-Mail: | DERMALOG Fingerprint PAD Kit LF10 Product Description The TOE is a fingerprint sensor (plus its related software and guidance documentation) which provides a countermeasure against the aforementioned attacks. It is capable of classifying whether a finger that is presented to the sensor of the TOE, is actually a real finger presented by a genuine user (in a so-called Bona Fide attempt) or whether an artefact is presented (a so-called artefact presentation or presentation attack). The following security functions are implemented by the TOE:
| Assurance Conformance Certification Date Certificate ID
|
Evaluation Body Developer/Sponsor Contact E-Mail: | Huawei NetEngine 8000 M14 Routers' Software V800R021C00, patch version V800R021C00SPC100 Product Description The following security functions are implemented by the TOE:
| Assurance Conformance Certification Date Certificate ID
|
Evaluation Body Developer/Sponsor Contact Tel.: +(974) 5000 3711 E-Mail: | BREACH+ v2.0 Product Description Breach+ checks how well security controls work by saving public exploits and executing new attack paths in a safe environment. It goes through the process of a cyberattack, mimicking a real attacker to check if security rules and protections hold up. In addition, Breach+ provides detailed insights into potential vulnerabilities and strengths in security setups. By simulating real-world cyber threats, it helps users understand their system’s weaknesses and where to strengthen them. The TOE provides the following main security functionality: | Assurance Conformance Certification Date Certificate ID |