IT Security Evaluation Facility (ITSEF)
Who are we?
The newest laboratory established at the National Institute of Telecommunications is the IT Security Evaluation Facility (ITSEF), which operates along with the Cybersecurity Department (Z-4).
We work following the requirements of the PN-EN ISO/IEC 17025:2018-10 standard and have been granted the AB1787 accreditation certificate, issued on April 9, 2021, by the Polish Center for Accreditation.
ITSEF belongs to a small group of laboratories worldwide that are officially accredited to conduct evaluations according to the Common Criteria reference standards (PN-EN ISO/IEC 15408 series standards) and the Common Evaluation Methodology (PN-EN ISO/IEC 18045 standard). The Common Criteria reference standards define a set of stringent criteria against which a product can be evaluated in terms of:
- functional security,
- security architectures,
- product development environment,
- handling identified vulnerabilities in the product.
ITSEF conducts product evaluations based on the most stringent security standards, which is confirmed by the certificate of compliance of the information management system with PN-EN ISO/IEC 27001, issued by the accredited certification entity ISOCERT®. The certification scope is: “laboratory activities toward security evaluations and conformity testing performed in the IT Security Evaluation Facility (ITSEF).”
Creating an ITSEF compliant with the Common Criteria is important for the Polish, regional, and global economy, and for society. We have specialized equipment and highly qualified specialists who contribute to reliable and independent evaluations. We use innovative product research techniques, covering even the most advanced attacks on functional safety.
What do we do?
The laboratory performs cybersecurity and privacy evaluations and tests concerning ICT processes, products, and services. We evaluate ICT products, both software and hardware-and-software components, in application areas such as:
- critical infrastructure - programmable controllers, VPN, wireless networks;
- IT infrastructure - IPSec, cryptographic modules, intrusion detection systems, anti-virus systems;
- public administration - passports, driving licenses;
- remote identification and authentication - electronic signature, electronic seal;
- healthcare - medical devices, doctor and patient cards;
- telecommunications and radio networks - network components and terminal equipment.
ITSEF activities are characterized by impartiality, independence, and transparency. We ensure the confidentiality of evaluation results at a level so far unheard of in other laboratories because:
- we conduct evaluations in rooms that meet the highest global standards of technical security,
- we collect and store evaluation results in the laboratory's IT system, physically separated from other systems of the Institute and the Internet, and meeting the highest standards of ICT security,
- we implement and follow security procedures which, together with integrated electronic technical security systems and the laboratory's IT system, ensure full traceability, comparability, and repeatability of every part of the tests.
Success stories
We can point to real successes in the evaluation of ICT solutions that are of crucial importance for the security of Polish cyberspace. As a result of successful evaluations, the following products have received globally recognized Common Criteria certificates:
- Authentication module for remote signing operations: SimplySign Signature Activation Module (SAM), version 6.2.0, developed by Asseco Data Systems SA
- Trusted system providing a handwritten biometric signature service for signing PDF documents: biocertiX – handwritten biometric signatures on PDF documents, version 1.1, developed by Xtension Sp. z o.o., in co-operation with Asseco Data Systems SA and Samsung
- Industrial Optic Data Diode: A.R.I.C. NDS Optical Industry Data Diode, version 2.0.0, developed by Dynacon Sp. z o.o.
All certificates are available for download at https://certyfikacja.nask.pl/certyfikaty/.
We are the first accredited laboratory in Poland to have performed a successful conformity assessment of a cryptographic library according to EN 19790 "Security requirements for cryptographic modules" (equivalent to FIPS 140-3).
We have performed one of the first security evaluations according to EN 17640 "Fixed-time cybersecurity evaluation methodology" and the Open-RAN and 3GPP technical specifications for the 5G network component O-DU (O-RAN Distributed Unit).
Why is it worth choosing LOB?
- Accreditation of the Polish Center for Accreditation
- Common Criteria compliance (ITSEF)
- Compliance with the PN-EN ISO/IEC 17025:2018-10 standard
- Compliance with PN-EN ISO/IEC 27001, confirmed by the certificate issued by an accredited certification entity
- Ensuring the confidentiality of research results and respect for intellectual property rights and know-how
- Innovations in the field of cybersecurity
- Independent third-party assessments, ensuring the quality required of an accredited laboratory, beyond the "trust me" statement
- Possibility to obtain a cybersecurity certificate for a product at the KSO3C certification body located at the NASK National Research Institute (NASK-PIB) after successfully passing the product safety assessment
- Customer support, from the design phase to successfully completing a product security evaluation; we are with the client to quickly verify whether the innovation meets the rigors set by the security evaluation
- Readiness Assessment to help you estimate the level of effort that is required to complete a product security evaluation successfully
- Qualified and experienced evaluators
- Evaluators who are active in the international arena and participate actively in world conferences, including the International Common Criteria Conference and the ENISA Cybersecurity Certification Conference
Due to the nature of our work, we respect the trust and commitment that our clients place in us every day, and we strive to best respond to their needs. We stimulate creative ideas and innovative ways of doing things, and at the same time, understand the balance between creativity and the rigor of security evaluation.
We invite you to cooperate with us!
Contact:
e-mail: LOB_ITSEF@il-pib.pl
The ICT Product Security Evaluation Laboratory was established as part of the project "National System for the Evaluation and Certification of ICT Product Security Compliant with Common Criteria (KSO3C)", financed under the NCBiR National Programme "Cybersecurity and e-Identity" (CyberSecIdent).