(2) Java Card System - Open Configuration, V3.0.5 BSI-CC-PP-0099-2017;
(3) Java Card System - Closed Configuration, BSI-CC-PP-0101-2017;
(4) PP for a PC Client Specific Trusted Platform Module Family 2.0 Level 0 Revision 1.16, ANSSI-CC-PP-2015/07;
(5) Universal SIM card, PU-2009-RT-79, ANSSI-CC-PP-2010/04;
(6) Embedded UICC (eUICC) for Machine-to-Machine Devices, BSI-CC-PP-0089-2015;
(e) for the category of points of (payment) interaction and payment terminals:
(1) Point of Interaction "POI-CHIP-ONLY", ANSSI-CC-PP-2015/01;
(2) Point of Interaction "POI-CHIP-ONLY and Open Protocol Package", ANSSI-CC-PP-2015/02;
(3) Point of Interaction "POI-COMPREHENSIVE", ANSSI-CC-PP-2015/03;
(4) Point of Interaction "POI-COMPREHENSIVE and Open Protocol Package", ANSSI-CC-PP-2015/04;
(5) Point of Interaction "POI-PED-ONLY", ANSSI-CC-PP-2015/05;
(6) Point of Interaction "POI-PED-ONLY and Open Protocol Package", ANSSI-CC-PP-2015/06;
(f) for the category of hardware devices with security boxes:
(1) Cryptographic Module for CSP Signing Operations with Backup - PP CMCSOB, PP HSM CMCSOB 14167-2, ANSSI-CC-PP-2015/08;
(2) Cryptographic Module for CSP key generation services - PP CMCKG, PP HSM CMCKG 14167-3, ANSSI-CC-PP-2015/09;
(3) Cryptographic Module for CSP Signing Operations without Backup - PP CMCSO, PP HSM CMCKG 14167-4, ANSSI-CC-PP-2015/10.
ANNEX IV
Assurance continuity and certificate review
IV.1 Assurance continuity: scope
1. The following requirements for assurance continuity apply to the maintenance activities related to the following:
(a) a re-assessment if an unchanged certified ICT product still meets its security requirements;
(b) an evaluation of the impacts of changes to a certified ICT product on its certification;
(c) if included in the certification, the application of patches in accordance with an assessed patch management process;
(d) if included, the review of the certificate holder’s lifecycle management or production processes.
2. The holder of an EUCC certificate may request the review of the certificate in the following cases:
(a) the EUCC certificate is due to expire within nine months;
(b) there has been a change either in the certified ICT product or in another factor which could impact its security functionality;
(c) the holder of the certificate demands that the vulnerability assessment is carried out again in order to reconfirm the EUCC certificate’s assurance associated with the ICT product’s resistance against present cyberattacks.
IV.2 Re-assessment
1. Where there is a need to assess the impact of changes in the threat environment of an unchanged certified ICT product, a re-assessment request shall be submitted to the certification body.
2. The re-assessment shall be carried out by the same ITSEF that was involved in the previous evaluation by reusing all its results that still apply. The evaluation shall focus on assurance activities which are potentially impacted by the changed threat environment of the certified ICT product, in particular the relevant AVA_VAN family and in addition the assurance lifecycle (ALC) family where sufficient evidence about the maintenance of the development environment shall be collected again.
3. The ITSEF shall describe the changes and detail the results of the re-assessment with an update of the previous evaluation technical report.
4.