Security Product Assurance
Security Product Assurance (SPA) is a programme to instil a vibrant infocomm security ecosystem for IT security certification in Singapore, with the following major targets:
-
Prepare the ground (e.g. by lowering the barriers through national certification scheme and providing
learning tools and information materials
)
-
Allow differentiating factors for SCCS
-
Promote international best practices (e.g. certification and adopting international standards)
Under SPA, all schemes are in alignment with each other and provide extensions or support for each other. Therefore they share a common core of principles, terminology, model, and approach. This core is based on the Common Criteria (CC), an international standard for IT security product evaluations and certifications.
Since 2005, Singapore is a member of the CCRA and recognises CC-certificates from authorised and certificate issuing members. Additionally, IDA operates a Certification Body (CB), which is responsible for all schemes and certifications under SPA.
The SCCS Scheme, which is the core of SPA, will provide international recognition for the certificates in the near future. The SCCS is a critical part of IDA's effort to enable and certify the development of internationally compliant security products in Singapore. "Its establishment is also one of the strategic thrusts under the Infocomm Security Masterplan to build capabilities that can defend Singapore's critical infrastructure from cyber attacks, and to maintain a secure infocomm environment for the government, businesses and individuals."
SPA currently provides the following certification schemes:
Simplified Security Criteria (SSC)
Updated - Aug 12
Singapore Common Criteria Evaluation and Certification Scheme (SCCS)
Updated - Apr 12
|
Fees Announcement
|
|
The fee structure for certifications under SPA has been revised. The fee revision is effective for project acceptance from 01 February 2012. While SSC will involve a flat fee, SCCS will involve different fees based on the certification scope (instead of the previous flat fee). Products undergoing 'higher' re-certification (within SCCS or from SSC to SCCS) will be entitled to a one-time discount based on the fee paid for the previous certification.
|
|
Simplified Security Criteria (SSC)
|
|
Certification fee for Security Target (ST) only and Security Target/Target of Evaluation (TOE)
|
SGD 2,500 and 7% GST
|
|
Singapore Common Criteria Evaluation and Certification Scheme (SCCS)
|
Certification fee for Security Target (ST)/Target of Evaluation (TOE):
EAL1, EAL2
EAL3, EAL4
|
SGD 6,500 and 7% GST
SGD 12,500 and 7% GST
|
|
Certification fee for Protection Profile (PP)
|
SGD 3,000 and 7% GST
|
Assurance Continuity with major changes (requiring re-evaluation):
EAL1, EAL2
EAL3, EAL4
|
SGD 6,500 and 7% GST
SGD 12,500 and 7% GST
|
|
Assurance Continuity with minor changes (certificate maintenance)
|
SGD 2,500 and 7% GST
|
For a limited period of time, certification fees (which exclude any travel expenses of the CB staff outside Singapore) for both SCCS and SSC will be waived for new product certifications. To qualify, the application must reach the CB by 31 January 2013. The waiver of certification fee applies to both local and international projects.
NEW: The qualification period for this waiver is extended until 31 January 2014.
Additionally, overseas travel expenses for CB staff may be waived under SCCS for up to 3 projects, where the project is assessed by the CB as suitable for being used for assessment under CCRA. Vendors who wish to apply for this additional waiver must indicate that they are submitting a request for waiver of overseas travel cost for the CB as part of the certification application package. This additional waiver will be considered on a first-come-first-serve basis for applications reaching the CB before 31 December 2012.
NEW: The qualification period for this waiver is extended until 30 June 2013.
|