Qatar Common Criteria Scheme (QCCS)

The Common Criteria (CC) is an international set of guidelines and specifications defining a framework for IT security evaluation and certification. It provides assurance that IT products meet standard security requirements for government or specific market deployments through formal recognition that certify a product as it meets Information Assurance (IA) requirements.

Detailed information on what the Common Criteria is, and its guiding documentation, can be obtained from the Common Criteria website.

Qatar government has recognized the need for excellence in the certification services it provides through Qatar Common Criteria Scheme Certification Body under National Cyber Governance and Assurance Affairs within National Cyber Security Agency (NCSA).

Qatar Common Criteria Scheme QCCS has been recognized by Common Criteria Recognition Arrangement (CCRA) as a Certificate Consuming Member in 2015, and became an Authorizing Member in 2023. An important distinction is that certificates provided by Authorizing Members are recognized internationally, while certificates from Consuming Members are recognized nationally.

National Cyber Security Agency (NCSA) is the owner of the Qatar Common Criteria Scheme. The Scheme Director, also the Director of National Cyber Governance and Assurance Affairs has authority for the strategic management and oversight of the QCCS CB.

The scheme provides a model for recognition or licensing (government and commercial) Evaluation Bodies (EBs) to conduct security evaluations of ICT products, systems and protection profiles against internationally recognized standards; Common Criteria (ISO/IEC 15408) and Common Evaluation Methodology (ISO/IEC 18045).

QCCS CB delivers the following additional supporting services:

  • Engagement with CCRA member countries and participation in the development and maintenance of the CCRA, ISO/IEC 15408, ISO/IEC 18045 on behalf of the Qatar Government;
  • Provision of support to third party assessors for the purpose of assessing compliance of:
    • the Common Criteria Scheme with CCRA requirements (Voluntary periodic assessment),
    • accreditation of Evaluation Bodies (EBs) to against ISO/IEC 17025;
  • Provision of Training and Development for Certifiers, and interested customers;
  • Management of Scheme publications including the QCCS Certified Products Register that lists scheme certified products

QCCS Recognized Evaluation Bodies

An Evaluation Body (EB or EBs) is either a commercial or governmental evaluation facility licensed by QCCS, and accredited (ISO/IEC 17025) by an accreditation body under ILAC and MRA, to conduct evaluations under the QCCS. The EB Recognition Procedure will be applied when licensing an EB.

Below is the list of QCCS recognized labs: 

Evaluation Body

Address & Contact Details

Contact Person

TUV Informationstechnik GmbH (TÜViT)

https://www.tuvit.de/

Am TÜV 1, 45307 Essen, Germany

Phone: +49-201-8999-639

Fax : +49 201 8999-666

Email : securitylab@tuvit.de

Marc Le Guin

BEAM Teknoloji A.Ş.

https://www.beamteknoloji.com/

ODTÜ Teknokent Galyum Binası Zemin, Kat No: 1 06800 Çankaya Ankara/TÜRKİYE

Phone: +90 (312) 210-1224
Fax: +90 (312) 210-1294
Email: mecakir@beamteknoloji.com

Mehmet Çakır

National Testing and Vetting Laboratory (NTVL)

 

Note: Capabilities up to EAL2+

National Cyber Security Agency(NCSA),
National Testing and Vetting Laboratory(NTVL)
P.O. Box 24100,
Wadi Al Sail Street
Doha, Qatar 

Phone: +974 2362220
Email: jalmuftah@ncsa.gov.qa

Jassim Al Muftah

TUBITAK BILGEM OKTEM Laboratory

https://oktem.bilgem.tubitak.gov.tr/en

TÜBİTAK BİLGEM Barış Mh. Dr. Zeki Acar Cd. No:1 Gebze 41470 KOCAELİ/TÜRKİYE

Phone: +90 262 675 2374

Fax: +90 262 648 1100

Email:oktem@tubitak.gov.tr yasir.bulut@tubitak.gov.tr

Yasir Emre BULUT

Below is the list of QCCS certified products: 

Evaluation Details

Product Details

Related Information

Evaluation Body
TÜV Informationstechnik GmbH

Developer/Sponsor
DERMALOG Identification Systems GmbH

Contact
Manuela Tiedemann
Mittelweg 120, 20148 Hamburg, Germany
Tel.: +49 40 413 227-0
Fax: +49 40 413 227-89

E-Mail:
manuela.tiedemann@dermalog.com
https://www.dermalog.com

DERMALOG Fingerprint PAD Kit LF10

Hardware
LF10, Part-No. 8004-0009-00 
Software
DermalogBPLF10Plugin,1.7.2.2126 DermalogFakeFingerDetectionLF10Plugin, 1.4.0.2125
DermalogFourprintSegmentation2, 1.18.1.2126 
DermalogAuditLogger, 1.1.3.1827

Product Description The TOE is a fingerprint sensor (plus its related software and guidance documentation) which provides a countermeasure against the aforementioned attacks. It is capable of classifying whether a finger that is presented to the sensor of the TOE, is actually a real finger presented by a genuine user (in a so-called Bona Fide attempt) or whether an artefact is presented (a so-called artefact presentation or presentation attack).

The following security functions are implemented by the TOE:

  • Audit Data Generation
  • Full Residual Information Protection
  • Secure TSF Data
  • Specification of Management Functions
  • Biometric Spoof Detection

Assurance
Common Criteria Part 3 conformant, ADV_ARC.1,ADV_FSP.2,ADV_TDS.1, AGD_OPE.1,AGD_PRE.1,ALC_CMC.2, ALC_CMS.2,ALC_DEL.1,ALC_FLR.1, ASE_CCL.1,ASE_ECD.1,ASE_INT.1, ASE_OBJ.2,ASE_REQ.2,ASE_SPD.1, ASE_TSS.1,ATE_COV.1,ATE_FUN.1, ATE_IND.

Conformance
Fingerprint Spoof Detection Protection Profile based on Organizational Security Policies (FSDPP_OSP), Version 1.7, 27 November 2009

Certification Date
30 September 2021

Certificate ID
QCCS-CERT-C001-001-2021

Security Target

Certification Report

 

Evaluation Body
BEAM Teknoloji A.Ş.

Developer/Sponsor
Huawei Technologies Co., Ltd.

Contact
Yong Wang
Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, China
Tel.: +86 18652028245

E-Mail:
bravo.wangyong@huawei.com
https://www.huawei.com

Huawei NetEngine 8000 M14 Routers' Software

V800R021C00, patch version V800R021C00SPC100

Product Description
The TOE is the software running on the NetEngine 8000 M14 router. The router consists of both hardware (non-TOE) and software. The software running on the router is denominated Versatile Routing Platform (VRP) developed by Huawei. VRP provides extensive security features, including different interfaces with according to access levels for administrators, enforcing authentications prior to establishment of administrative sessions, auditing of security-relevant management activities. The TOE software consists of TSF and non-TSF parts.

The following security functions are implemented by the TOE:

  • Security audit
  • Cryptographic support
  • Identification and authentication
  • Secure Management
  • Protection of the TSF
  • TOE access through user authentication
  • Trusted path and channels for device authentication
  • Trusted software updates

Assurance
Evaluation Assurance Level 2 Augmented with ALC_FLR.2

Conformance
CC Part 2 Extended, CC Part 3 Conformant, Package conformant to EAL 2 Augmented with ALC_FLR.2

Certification Date
24 April 2022

Certificate ID
QCCS-CERT-C002-001-2022

Security Target

Certification Report

 

Evaluation Body
BEAM Teknoloji A.S.

Developer/Sponsor
Cytomate Solutions and Services

Contact
Hammad Hadeed 
Excellence Tower, Floor 9, Office 903, 
Building 10, Street 850, Zone 63
West Bay, Doha, Qatar
P.O Box: 17829

Tel.: +(974) 5000 3711

E-Mail:
hamad@cytomate.net
https://www.cytomate.net

BREACH+ v2.0

Product Description

Breach+ checks how well security controls work by saving public exploits and executing new attack paths in a safe environment. It goes through the process of a cyberattack, mimicking a real attacker to check if security rules and protections hold up. In addition, Breach+ provides detailed insights into potential vulnerabilities and strengths in security setups. By simulating real-world cyber threats, it helps users understand their system’s weaknesses and where to strengthen them.

The TOE provides the following main security functionality:
• Security audit
• Protection of Security Functionality
• User Data Protection
• Identification and Authentication
• Security Management
• TOE Access

Assurance
Evaluation Assurance Level 1

Conformance
CC Part 1 Conformant, CC Part 2 Conformant, and CC Part 3 Conformant.

Certification Date
2 September 2024

Certificate ID
QCCS-CERT-C003-001-2024

Security Target

Certification Report