ABOUT US
Standardisation and Certification Centre of NASK, which operates within the NASK structure, acts as an accredited Certification Body. The Centre certifies products, processes, and services in the field of IT security (cybersecurity), as well as carries out the assessment and certification of competences.
Certification of Products
Certification of IT products is carried out for compliance with PN-EN ISO/IEC 15408 (1-5), i.e. Common Criteria CC:2022 Release 1, based on the IT Security Evaluation and Certification Scheme (PC1). Certification may cover IT products, IT systems, including cryptographic modules, or the so-called Protection Profiles, i.e. security specifications for a specific type of product.
On November 2, 2021, the NASK Certification Body obtained accreditation from the Polish Accreditation Center for product certification bodies (AC 223). Accreditation confirms that the management system implemented as part of the product certification process is consistent with the requirements of the standard for product certification bodies, i.e. PN-EN ISO/IEC 17065.
NASK represents Poland in international agreements on the recognition of Common Criteria certificates – SOG-IS and CCRA. In 2021, the Certification Body underwent an audit conducted by a team of experts representing both agreements. As a result of the audit, the compliance of the conducted activities with the requirements for Certification Bodies issuing Common Criteria certificates was confirmed. As a result, Poland joined the elite group of countries issuing Common Criteria certificates recognized in many European countries and around the world.
SOG-IS: https://www.sogis.eu/
CCRA: https://www.commoncriteriaportal.org/ccra/index.cfm
SOG-IS: https://www.sogis.eu/
CCRA: https://www.commoncriteriaportal.org/ccra/index.cfm
Certification of Processes
The NASK Certification Body launched the Fundamentals for Business Cybersecurity program in 2022, the key element of which is the certification of the cybersecurity management process. The program was launched for small and medium-sized enterprises that consciously use the possibilities of modern digital services and responsibly care for the security of their own business, as well as that of their Partners and Customers.
Two elements were implemented as part of the Program – the educational element and certification. Educational activities are conducted via the firmabezpiecznacyfrowo.pl portal and are aimed at preparing small and medium-sized enterprises to obtain the Fundamentals for Business Cybersecurity certificate. The portal includes a self-diagnosis survey, as a result of which the company receives an individual report containing tips on improving internal processes and implementing the necessary security measures.
In the next step, the company can apply for a certificate confirming compliance with the requirements relating to the cybersecurity management process. Pilot certification processes are currently underway. We invite companies interested in obtaining a certificate to contact us – when the pilot is completed, we will send information about the commencement of the recruitment of applications.
Certification of Competences
In 2024, the NASK Certification Body launched a pilot program for the certification of competences in the field of institutional cyber resilience, addressed to the management staff of entities subject to the NIS2 directive. The project is currently being piloted. If you are interested in taking part in the training and certification, please contact us – when the pilot is over, we will send information about the start of the recruitment of applications.