The newest laboratory, established at the National Institute of Telecommunications, is the IT Security Evaluation Facility (ITSEF)which operates along with the Cybersecurity Department (Z-4).
We work following the PN-EN ISO / IEC 17025: 2018-10 standard requirements and have been granted the AB1787 accreditation certificate issued on April 9, 2021, by the Polish Center for Accreditation.
ITSEF belongs to a small group of laboratories globally, officially accredited to carry out evaluations according to the Common Criteria reference standards (PN-EN ISO / IEC 15408 series standards) and Common Evaluation Methodology (PN-EN ISO / IEC 18045 standard). The Common Criteria reference standards define a set of stringent criteria against which a product can be evaluated in terms of:
- functional security,
- security architectures,
- product development environment,
- handling identified vulnerabilities in the product.
Creating an ITSEF compliant with the Common Criteria is of great importance for the Polish, regional, global economy and society. We have specialized equipment and highly qualified specialists who contribute to reliable and independent evaluations. We use innovative product research techniques, covering even the most advanced attacks on functional safety.
What do we do?
The laboratory performs cybersecurity and privacy evaluations and tests concerning ICT processes, products and services. We evaluate ICT products, both software and hardware and software components, in application areas such as:
- critical infrastructure - programmable controllers, VPN, wireless networks;
- IT infrastructure - IPSec, cryptographic modules, intrusion detection systems, anti-virus systems;
- public administration - passports, driving licenses;
- remote identification and authentication - electronic signature, electronic seal;
- healthcare - medical devices, doctor and patient cards;
- telecommunications and radio networks - network components and terminal equipment.
ITSEF activities are characterized by impartiality, independence and transparency. We ensure the confidentiality of evaluation results at a level so far unheard of in other laboratories because:
- we carry out evaluations in rooms that meet the highest global standards of technical security,
- we collect and store evaluation results in the laboratory's IT system, physically separated from other systems of the Institute and the Internet, and meeting the highest standards of ICT security,
- we implement and follow security procedures which, together with integrated electronic technical security systems and the laboratory's IT system, ensure full traceability, comparability and repeatability of every part of the tests.
Why is it worth choosing LOB?
- Accreditation of the Polish Center for Accreditation,
- Common Criteria compliance,
- Compliance with the PN-EN ISO / IEC 17025: 2018-10 standard,
- Ensuring the confidentiality of research results, respect for intellectual property rights and know-how,
- Innovations in the field of cybersecurity,
- Independent third side assessments, ensuring the quality required of an accredited laboratory, beyond the "trust me" statement
- Possibility to obtain a cybersecurity certificate for a product at the KSO3C certification body located at the NASK National Research Institute (NASK-PIB) (https://www.nask.pl/pl/dzialalnosc/c certyfikacja/3858,Certyfikaacja.html) after successfully passing the product safety assessment,
- Customer support, from the design phase to successfully completing a product security evaluation; we are with the client to quickly verify whether the innovation meets the rigours set by the security evaluation,
- Readiness Assessment to help you estimate the level of effort that is required to complete a product security evaluation successfully,
- Qualified and experienced evaluators,
- Evaluators who are active in the international arena, active participation in world conferences, including International Common Criteria Conference, ENISA Cybersecurity Certification Conference.
Due to the nature of our work, we respect the trust and commitment that our clients place in us every day, and we strive to best respond to their needs. We stimulate creative ideas and innovative ways of doing things, and at the same time, understand the balance between creativity and the rigour of security evaluation.
We invite you to cooperate with us!
Laboratorium Oceny Bezpieczeństwa Produktów Teleinformatycznych powstało w ramach projektu „Krajowy System Oceny i certyfikacji bezpieczeństwa produktów ICT zgodny z Common Criteria (KSO3C)”, finansowanego w ramach Programu Krajowego NCBiR „Cyberbezpieczeństwo i eTożsamość” (CyberSecIdent).