About us
Standardisation and Certification Centre of NASK-PIB which operates within the NASK-PIB structure, acts as an accredited Certification Body. The Center certifies products, processes and services in the field of IT security (cybersecurity), as well as caries out the assessment and certification of competences.
Certification of products
Certification of IT products itself is carried out for compliamnce with PN-EN ISO/IEC 15408(1-5), i.e. Common Criteria CC:2022 Release 1 basing on the IT Security Evaluation and Certification Scheme (PC1). Certification may cover IT products, IT systems, including cryptographic modules, or the so-called Protection Profiles, i.e. security specifications for a specific type of product.
On November 2, 2021, the NASK-PIB Certification Body obtained accreditation from the Polish Accreditation Center for product certification bodies (AC 223). Accreditation confirms that the management system implemented as part of the product certification process is consistent with the requirements of the standard for product certification bodies, i.e. PN-EN ISO/IEC 17065.
NASK represents Poland in international agreements on the recognition of Common Criteria certificates – SOG-IS and CCRA. In 2021, the Certification Body underwent an audit conducted by a team of experts representing both agreements. As a result of the audit, the compliance of the conducted activities with the requirements for Certification Bodies issuing Common Criteria certificates was confirmed. As a result, Poland joined the elite group of countries issuing Common Criteria certificates recognized in many European countries and around the world.
SOG-IS: https://www.sogis.eu/
CCRA: https://www.commoncriteriaportal.org/ccra/index.cfm
SOG-IS: https://www.sogis.eu/
CCRA: https://www.commoncriteriaportal.org/ccra/index.cfm
Certification of processes
The NASK-PIB Certification Body launched the Fudamentals for Business Cybersecurity program in 2022, the key element of which is the certification of the cybersecurity management process. The program was launched for small and medium-sized enterprises that consciously use the possibilities of modern digital services and responsibly care for the security of their own business, as well as that of their Partners and Customers.
Two elements were implemented as part of the Program – educational element and certification. Educational activities are conducted via the firmabezpiecznacyfrowo.pl portal and are aimed at preparing small and medium-sized enterprises to obtain the Fudamentals for Business Cybersecurity certificate. The portal includes a self-diagnosis survey, as a result of which the company receives an individual report containing tips on improving internal processes and implementing the necessary security measures.
In the next step, the company can apply for a certificate confirming compliance with the requirements relating to the cybersecurity management process. Pilot certification processes are currently underway. We invite companies interested in obtaining a certificate to contact us – when the pilot is completed, we will send information about the commencement of the recruitment of applications.
Certification of competences
In 2024, the NASK-PIB Certification Body launched a pilot program for certification of competences in the field of institutional cyber resilience addressed to the management staff of entities subject to the NIS2 directive. The project is currently being piloted. If you are interested in taking part in the training and certification, please contact us – when the pilot is over, we will send information about the start of the recruitment of applications.