SN-CWA 14169:2004

ADOPTED_FROM:CWA 14169:2004 This document specifies the security requirements for a SSCD which is the TOE. It is formulated as a Protection Profile (PP) following the rules and formats of the Common Criteria [cc211]. SSCDs are mandatory for implementing signatures fulfilling the requirements of Article 5.1 of the EU Directive. Therefore, the use of such devices should be made evident. Visible signs making compliance evident are useful and contribute to confidence in products but are not covered by this document. Application of devices conforming to this standard shall require appropriate and adequately secure environment as set out in the requirements of the PP. The PP is an integral part of this document and included as normative Annex A. This document is applicable to determining conformance of SSCDs with the regulations set out in laws of the member states specifying security requirements of SSCDs. The document is also applicable to SSCDs consisting of more than one component. This is, for example, the case when the SCD are created within one component (e.g., a key generation device) and transferred to another component (e.g., a smart card). In such scenarios the key generation device also "implements" the SCD according to the definition from the EU Directive and thus forms part of the SSCD. The document is also applicable to signature-creation devices at a certification-service-provider (CSP) when creating signatures for certification services (e.g., signing certificates, timestamping, signing directories and revocations). The scope of the PP (i.e., the TOE) is illustrated in Figure 2. The TOE is represented by the SSCD including SCD/SVD generation, SCD storage, and signature-creation functionality. Although it is possible that the TOE includes additional functionality, such as the signature-creation application (SCA) or the certification generation application (CGA), the PP assumes the SCA to be part of the immediate environment of the TOE.