SOGIS

While the CCRA limits mutual recognition to intermediate levels of evaluation (up to EAL2), the so-called SOGIS MRA (Senior Officers Group for Information Systems, Mutual Recognition Agreement), was developed and signed in Europe which  looks for the recognition of highest security levels (up to EAL7 level).

SOGIS MRA was originally developed in the late nineties and is supported by an EU directive. It was signed by Spain from the beginning.

During the period 2008-2009, it was reactivated with Germany as secretary of the group, initiating contacts with European certification schemes, including the OC/CCN. During this reactivation, a new updated agreement was developed, SOGIS MRA v3. After its technical and legal review, in February 2010, the Secretary of State Director of the CNI signed it as the Director of the CCN's Certification Body.

Participants in this Agreement are organisations or government agencies from countries of the European Union or EFTA (European Free Trade Association), representing their country or countries. It covers the following domains:

  • Smartcards and Similar Devices - This IT-Technical Domain is related to smart cards and similar devices.
  • Hardware Devices with Security Boxes - This Technical Domain is related to products that comprises one or more printed circuit boards where its security functionality relies mostly on the physical casing of the product(a so-called Security Box”).