Insights and changes of the new EU Common Criteria and how they will impact North American vendors
The EUCC is a new certification scheme adopted by the EU in February 2024, designed to replace the Common Criteria in Europe. This certification scheme will become mandatory for critical security products with digital elements once the Cyber Resilience Act comes into force in the European Union. The EUCC introduces several changes to the traditional Common Criteria, including patch management and vulnerability handling. In this webinar, we will cover the EUCC scheme, the Cyber Resilience Act (CRA) and how both will affect developers of ITC products. This new scheme will impact North American vendors that now rely on NIAP Common Criteria-certified products to access the EU market.
EUCC vs CCRA/SOG-IS: new requirements, challenges and improvements
by Nuria Carrio, Cybersecurity Certification Director at Applus+ Laboratories
EUCC Challenges from an expert perspective
Open Discussion with Javier Tallón Director, at jtsec, and Lachlan Turner, Cyber Labs Director at Lightship Security. The Discussion will be moderated by Jose Francisco Ruiz, Director of Cybersecurity BU at Applus+ Laboratories.
Nuria Carrio, Cybersecurity Certification Director at Applus+ Laboratories
Nuria specializes in hardware security evaluations and has an extensive career that stretches over 14 years in the field. With deep expertise in technologies such as smart cards, secure elements, Trusted Execution Environments (TEE), and other similar hardware and embedded software solutions. She has a deep knowledge of evaluation high-level methodologies such as Common Criteria and EMVCo, standards, attack methods and vulnerability assessments.
Currently, she serves as leading the technical team in achieving compliance with emerging European standards in cybersecurity.
Lachlan Turner, Cyber Labs Director, at Lightship Security Applus+
Lachlan Turner is a founding partner of Lightship Security with over 20 years of experience in cybersecurity certifications. In November 2022 Lightship Security became part of Applus+, a worldwide leader in the testing, inspection, and certification industry.
As Director of Cyber Labs, Lachlan is responsible for all Common Criteria lines of business at Lightship Security including US and Canadian accredited laboratories. Lachlan brings a multifaceted expertise to the table, drawing from his diverse experience across various Schemes. His career spans technical roles as a certifier, evaluator, and consultant, complemented by leadership positions in business ownership and management. Lachlan is a former member of the Common Criteria Interpretation Management Board (CCIMB) and Common Criteria Users Forum (CCUF) Management Group.
Javier Tallón Director, at jtsec Applus+
Expert consultant on the Common Criteria standard, and other security assurance standards in the field of information technology (FIPS 140-3, LINCE, IEC 62443-4 or ETSI EN 303 645…). Javier has served as an evaluator in the Spanish CB for the country’s major evaluation labs. As a consultant, he has successfully accompanied national and international companies in several certification processes (to EAL6+). In 2015 he begins to lay the foundations of what will be jtsec.
He currently works as Director of the Granada evaluation lab. Recognized expert in several disciplines of cybersecurity, assumes the technical direction of most of the projects, directing and organizing the work of the team.
He is also former member of ENISA ad-hoc Working Group on SOG-IS successor scheme and contributed as editor of the ISO Patch Managemnt Technical Specification.
Jose Ruiz, Cybersecurity BU Director, at Applus+ Laboratories
Jose Francisco Ruiz Gualda, computer science graduate of Universidad de Granada, has more than 17 years’ experience in Cybersecurity Certification under different standards like CC, FIPS 140-3, LINCE, SESIP and others. Jose has worked as evaluator, tester, consultant and CC lab manager.
Jose is now Cybersecurity Business Unit Director at Applus+ Laboratories. Previously Jose was Co-Founder at jtsec Beyond It Security (now part of Applus+ group). His experience has led him to participate as a speaker and program director in various editions of the ICCC and ICMC and being appointed Editor by the European Commission for “IACS Cybersecurity certification” project and member of the SCCG (Stakeholder Cybersecurity Certification Group).
He has been involved in hundreds of security evaluations for different standards and technologies (Smart Cards, Security boxes, software, cryptographic modules, etc…).
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.