TrustCB works with the following labs that have been licensed for IT security evaluations through TrustCB’s Lab Licensing program.
All labs listed below are licensed by TrustCB to perform evaluations for the listed schemes, and have satisfied the minimum requirements 1 to 3, listed below.
Labs and schemes marked as “provisionally licensed” have yet to fulfil requirement 4 – the successful completion of an evaluation in the indicated scheme. They are licensed by TrustCB for evaluations in that scheme, just pending a suitable first project.
| Licensed Lab | Scope of lab license |
|---|---|
|
Applus+ Laboratories Ronda de la Font del Carme, s/n E-08193 Bellaterra (Barcelona) Spain Point of Contact: Guillem Malagarriga Email: [email protected] Tel: +34 93 567 20 00 Web: itlabs.appluslaboratories.com/ Additional location: Av. de Aragón, 402, Edificio Allende – 5ª planta Applus San Blas-Canillejas; 28022 Madrid, Spain |
LICENSED for: GSMA eSA PSA Certified scheme TrustCB SESIP Scheme PROVISIONALLY LICENSED for: CCC Certification Scheme for SE/Digital Key Applet security evaluation EUCC, Assurance levels HIGH and SUBSTANTIAL FeliCa™ Approval for Security and Trust (FAST) MIFARE |
|
Bureau Veritas Cybersecurity Europe B.V. Herikerbergweg 15, 1101 CN Amsterdam The Netherlands Email: [email protected] Tel: +31 (0)88 8883100 |
LICENSED for: NSCIB (note scheme now closed, maintenance only) PROVISIONALLY LICENSED for: TrustCB MDSCert |
|
CAICT No.52, Huayuan North Road, Haidian District, Beijing, China |
LICENSED for: PSA Certified scheme (PSA L1 – PSA L2) TrustCB SESIP Scheme (SESIP1 – SESIP2) |
|
DEKRA Testing and Certification, S.A.U. Calle Severo Ochoa, 55 (planta 2). Parque Tecnológico de Andalucía; 29590 Campanillas Spain Point of Contact: Jorge Carrera Email: [email protected] Tel: +34 95 261 91 00 Web: dekra.com/ |
LICENSED for: TrustCB MDSCert PSA Certified scheme TrustCB SESIP Scheme |
|
ECSEC Laboratory Inc. 3-21 Kanda-Nishiki-cho Chiyoda-ku, Tokyo, 101-0054 Japan Point of Contact: Yasuhiro SAGESAKA Inquiries: Inquiry form Tel: +81-3-5259-8064 |
LICENSED for: PSA Certified scheme (PSA L1 – PSA L3) TrustCB SESIP Scheme (SESIP1 – SESIP3) PROVISIONALLY LICENSED for: FeliCa™ Approval for Security and Trust (FAST): (Applet evaluation) |
|
Institute for Information Industry Cybersecurity Assessment and InfoComm Software Quality Assurance Laboratory 5F., No.133, Sec.4, Minsheng E.Rd., Songshan Dist, Taipei City, Taiwan(R.O.C.) Point of Contact: Karen Jeng Email: [email protected] Tel: +886-2-66073293 |
LICENSED for: PSA Certified scheme (PSA 1 – PSA 2) TrustCB SESIP Scheme (SESIP1 – SESIP2) |
|
Keysight Technologies Netherlands Riscure B.V. Delftechpark 49 2628 XJ Delft The Netherlands Point of Contact: Pascal van Gimst and Nikola Medic Email: [email protected] Tel: +31 15 251 40 90 Web: www.keysight.com |
LICENSED for: CCC Certification Scheme for SE/Digital Key Applet security evaluation FeliCa™ Approval for Security and Trust (FAST) GSMA eSA NSCIB (note scheme now closed, maintenance only) PSA Certified scheme TrustCB SESIP Scheme PROVISIONALLY LICENSED for: EUCC, Assurance levels HIGH and SUBSTANTIAL MIFARE |
|
Serma Safety & Security 14, rue Galilée – CS10071 33608 Pessac France Point of Contact: Pierre-Marie MADEC Email: s[email protected] Tel: +33 (0)5 33 20 65 17 Web: www.serma.com |
LICENSED for: FeliCa™ Approval for Security and Trust (FAST) GSMA eSA MIFARE PSA Certified scheme TrustCB SESIP Scheme PROVISIONALLY LICENSED for: CCC Certification Scheme for SE/Digital Key Applet security evaluation EUCC, Assurance levels HIGH and SUBSTANTIAL |
|
SGS Brightsight B.V. Brassersplein 2 2612 CT Delft The Netherlands Email: [email protected] Tel: +31 15 269 25 00 Web: www.brightsight.com Additional locations: Parc Oficinas Sant Cugat Nord 08174 Sant Cugat del Vallés (Barcelona), Spain — Rue de la Belle du Canet 13590 Meyreuil, France — Inffeldgasse 28 8010 Graz, Austria — Trespaderne 29, Edificio Barajas I, Barrio Aeropuerto, ES28042 Madrid, Spain |
LICENSED for: EUCC, Assurance levels HIGH and SUBSTANTIAL FeliCa™ Approval for Security and Trust (FAST) GSMA eSA MIFARE NSCIB (note scheme now closed, maintenance only) PSA Certified scheme TrustCB SESIP Scheme PROVISIONALLY LICENSED for: CCC Certification Scheme for SE/Digital Key Applet security evaluation TrustCB MDSCert |
|
TÜV Informationstechnik GmbH Am TÜV 1 45307 Essen Germany Point of Contact: Marc Le Guin Email: [email protected] Tel: +49-201-8999-639 Web: www.tuvit.de/en |
LICENSED for: EUCC, Assurance levels HIGH and SUBSTANTIAL FeliCa™ Approval for Security and Trust (FAST) MIFARE NSCIB (note scheme now closed, maintenance only) TrustCB SESIP Scheme PROVISIONALLY LICENSED for: GSMA eSA |
|
Thales SIX GTS France S.A.S 290 Allee du Lac, 31670 Labege, France Email: [email protected] Tel: +31 71 581 3636 |
LICENSED for: CCC Certification Scheme for SE/Digital Key Applet security evaluation PROVISIONALLY LICENSED for: EUCC, Assurance level SUBSTANTIAL PSA Certified scheme TrustCB SESIP Scheme |
|
UL TS B.V. Johanna Westerdijkplein 1, 2521EN Den Haag The Netherlands Email: [email protected] Tel: +31 707018751 Web: www.ul.com/services/common-criteria-certification-information-technology-it-security |
LICENSED for: NSCIB (note scheme now closed, maintenance only) PROVISIONALLY LICENSED for: TrustCB SESIP Scheme (SESIP1 – SESIP2) |
The following The The following provisionally licensed labs are pending completion of a pilot evaluation (an actual project) in at least one of the listed schemes.
| Provisionally Licensed Lab | Scope of Lab License |
|---|---|
|
atsec information security AB Svärdvägen 23 182 33 Danderyd Sweden Point of Contact: Markus Engqvist Email: [email protected] Tel: +46 8 551 104 00 Web: www.atsec.com |
PROVISIONALLY LICENSED for: MDSCert TrustCB SESIP Scheme (SESIP1 – SESIP3) |
|
Beijing Unionpay Card Technology Co., Ltd. 18#Building, No .30 Shixing Street, Shijingshan Science and Technology Park, Beijing, China Point of Contact: Olina Wang Email: [email protected] Tel:+86 10 8113 1626 |
PROVISIONALLY LICENSED for: PSA Certified scheme (PSA 1 – PSA 3) TrustCB SESIP Scheme (SESIP1 – SESIP3) |
|
CCLab – The Agile Cybersecurity Laboratory 1134 Budapest, Váci út 49. Hungary Web: www.cclab.com Additional location: 4024 Debrecen, Piac utca 45-47. II. em. 1. |
PROVISIONALLY LICENSED for: EUCC, Assurance level SUBSTANTIAL |
|
CEA Leti MINATEC Campus DRT/LETI/DSYS/SSSEC/CESTI 17 AVENUE DES MARTYRS 38054 GRENOBLE Cedex 9 FRANCE/p> Web: www.leti-cea.fr |
PROVISIONALLY LICENSED for: TrustCB SESIP Scheme |
Labs wishing to be assessed for TrustCB Lab Licensing for one of more schemes operated by TrustCB must meet the minimum lab requirements, as detailed here.
Minimum requirements of labs licensed by TrustCB:
- The lab shall have a suitable functioning quality system for the control of evaluation tasks. This can be demonstrated through ISO/IEC 17025 accreditation by the national accreditation council of the lab testing activities with the appropriate scope (such as Common Criteria, ISO/IEC 15408, or ISO/IEC 18045).
- The lab shall employ staff who have demonstrable evaluation knowledge, general technical skills, IT skills, and knowledge of IT security evaluation (such as Common Criteria).
While this is partially addressed through the ISO/IEC 17025 accreditation process, TrustCB has a responsibility to ensure that the evaluators employed by the lab have suitable knowledge of the evaluation criteria and methodology, as well as suitable testing skills for the technical domain in which they operate. Evaluators must have completed a recognised evaluator training course and passed the associated examination.
- The lab shall demonstrate suitable security of the organisation’s operations, staff, and processes in relation to evaluation activities.
The lab shall document and apply security operating procedures to control the processes and the handling of evaluation materials (samples and evidence). The security operating procedures shall cover the handling and storage of physical items and the processing, exchange, and storage of electronic items. As such, the procedures must consider the physical location of the lab and the networks and computing equipment used within the lab and remotely.
- The lab shall demonstrate its ability to successfully complete an evaluation.
The lab shall successfully complete a trial evaluation, as specified by TrustCB, applicable to the scheme(s) under which the lab chooses to operate.
Applying for TrustCB Lab Licensing
A lab’s application for Lab Licensing must details of how the lab meets the minimum licensing requirements, including details of ISO/IEC17025 accreditation from a National Accreditation Body (such as the RvA in the Netherlands) to demonstrate the lab has a suitable functioning quality system.
Labs that successfully complete this first step will be invoiced the lab licensing fee in order to go to the next step of an on-site lab audit by TrustCB, for the requested scheme(s).
A lab may only claim to be a Licensed Lab if TrustCB has confirmed a licensing status.
Provisionally licensed
Once all aspects of requirements 1-3 have been judged by TrustCB as successfully completed, TrustCB may grant a “provisional license” to the lab. This enables the lab to perform a trial evaluation to show compliance to requirement 4 for a specific scheme.
To users of the lab, “provisionally licensed” reflects confidence in the lab’s technical competence to perform trial evaluation, while full licensing is pending.
Note that there is no time limit to how long a lab can stay in this “provisionally licensed” status, as long as the lab fulfils requirements 1-3, passes the yearly audit and pays the yearly licensing fee(s).
Licensed
Once the trial evaluation has successfully been completed, thereby fulfilling all aspects of requirements 1-4 , TrustCB may confirm the lab as (fully) “licensed” for that scheme.
To users of the lab, “licensed” therefore reflects that at least once the lab has shown it can perform the necessary work and operate within the processes of the scheme.
License renewals
Every year, including the year of application, the lab must pay the yearly license fee(s) and pass an audit for the schemes and technical domains the lab is (intended) to be licensed for. Non-conformities need to be resolved in a timely manner, as determined solely by TrustCB, or the lab’s licensing will be revoked, either partly or completely.
Contact [email protected] for more details