Insights and changes of the new EU Common Criteria
The EUCC is a new certification scheme adopted by the EU in February 2024, designed to replace the Common Criteria in Europe. This certification scheme will become mandatory for critical security products with digital elements once the Cyber Resilience Act comes into force in the European Union. The EUCC introduces several changes to the traditional Common Criteria, including patch management and vulnerability handling. In this webinar, we will cover the EUCC scheme, the Cyber Resilince Act (CRA) and how both will affect developers of ITC products.
*The live event is no longer available but you watch the videos and download the presentations:
EUCC vs CCRA/SOG-IS: new requirements, challenges and improvements
by Nuria Carrio, Cybersecurity Certification Director at Applus+ Laboratories
CRA and how to comply through the EUCC Certification
by Jose Pulido, Consulting Manager, at jtsec Applus+
EUCC Challenges from an expert perspective
by Javier Tallón Director, at jtsec Applus+
Nuria Carrio, Cybersecurity Certification Director at Applus+ Laboratories
Nuria specializes in hardware security evaluations and has an extensive career that stretches over 14 years in the field. With deep expertise in technologies such as smart cards, secure elements, Trusted Execution Environments (TEE), and other similar hardware and embedded software solutions. She has a deep knowledge of evaluation high-level methodologies such as Common Criteria and EMVCo, standards, attack methods and vulnerability assessments.
Currently, she serves as leading the technical team in achieving compliance with emerging European standards in cybersecurity.
Jose Pulido, Consulting Manager, at jtsec Applus+
José Pulido is a cybersecurity professional with more than 7 years of experience in the sector and over 14 years in the IT industry. He began his career as a developer of cybersecurity solutions and later transitioned to the cybersecurity industry, joining jtsec Beyond IT Security in 2015, where he has worked since. He was the main developer of CCGen software, a framework that helps create the documentary evidence required for Common Criteria evaluations.
At jtsec, he has focused his career primarily on cybersecurity certification standards, especially Common Criteria and LINCE, where he has developed a path leading to his current role as Consultancy Manager, overseeing a large team of cybersecurity professionals.
He is an active figure in the certification industry, speaking at the International Common Criteria Conference (ICCC) since 2020 and contributing to the Common Criteria User Forum (CCUF). He has also collaborated with standardization groups such as ISO/IEC JCT1 SC27 WG3 in developing an ISO for cybersecurity evaluation of connected vehicles based on Common Criteria, as well as with CEN/CENELEC and Eurosmart in drafting protection profiles.
He is currently collaborating with ENISA as the lead technical expert in a study on using EUCC as a pathway to obtain presumption of conformity with the Cyber Resilience Act (CRA).
Javier Tallón Director, at jtsec Applus+
Expert consultant on the Common Criteria standard, and other security assurance standards in the field of information technology (FIPS 140-3, LINCE, IEC 62443-4 or ETSI EN 303 645…). Javier has served as an evaluator in the Spanish CB for the country’s major evaluation labs. As a consultant, he has successfully accompanied national and international companies in several certification processes (to EAL6+). In 2015 he begins to lay the foundations of what will be jtsec.
He currently works as Director of the Granada evaluation lab. Recognized expert in several disciplines of cybersecurity, assumes the technical direction of most of the projects, directing and organizing the work of the team.
He is also former member of ENISA ad-hoc Working Group on SOG-IS successor scheme and contributed as editor of the ISO Patch Managemnt Technical Specification.
Jose Ruiz, Cybersecurity BU Director, at Applus+ Laboratories
Jose Francisco Ruiz Gualda, computer science graduate of Universidad de Granada, has more than 17 years’ experience in Cybersecurity Certification under different standards like CC, FIPS 140-3, LINCE, SESIP and others. Jose has worked as evaluator, tester, consultant and CC lab manager.
Jose is now Cybersecurity Business Unit Director at Applus+ Laboratories. Previously Jose was Co-Founder at jtsec Beyond It Security (now part of Applus+ group). His experience has led him to participate as a speaker and program director in various editions of the ICCC and ICMC and being appointed Editor by the European Commission for “IACS Cybersecurity certification” project and member of the SCCG (Stakeholder Cybersecurity Certification Group).
He has been involved in hundreds of security evaluations for different standards and technologies (Smart Cards, Security boxes, software, cryptographic modules, etc…).
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.