What is MyTrustSEAL?

MyTrustSEAL is a collaboration of trustmark service between CSM and its partner. CSM provides its expertise in validating web application security and other partners may contribute their expertise based on their field work.

How much is the validation fee for the web certification?

You can view the fee here. Further clarification or inquiry, please contact us @MyTrustSEAL team.

What is the benefit in obtaining MyTrustSEAL certification?

MyTrustSEAL is a third party attestation to provides assurance that the company has taken an initiative to ensure their website is secure and comforms to the relevant law and regulations.

Who will be involved during the assessment process?

Prior to assessment, the company is required to identify the person in charge for the project to ease the communication with MyTrustSEAL evaluation team. During the assessment phase, the evaluation team also need to communicate with website administrator for any technical clarification.

What needs to be prepared upon the assessment process?

Before assessment process, the company need to submit a complete application form and to settle the necessary documents.

How do I maintain the certification validity?

MyTrustSEAL is a yearly validation. This is part of security requirement due to frequently changes in technology and information vulnerabilities. However, the company may contact MyTrustSEAL team to clarify on the service packages to maintain the MyTrustSEAL trust mark.

What will happen when the certification has expired?

Upon expiry of certification, there will be a reminder send to the company. If not continuation, the logo shall be removed from the website.

What if user have dispute with the certified company?

MyTrustSEAL only investigate to the complaints pertaining to the certification scope. Breaches to the certification policy, will result to suspend / revoke / removal of logo on the website.

What is MyCC scheme?

Malaysian Common Criteria Evaluation and Certification Scheme (MyCC Scheme) is a systematic process for evaluating and certifying the security functionality of ICT products against defined criteria or standards.

MyCC Scheme evaluates and certifies the security functionality within ICT products against International standard:

• ISO/IEC 15408 (Information technology -- Security techniques-- Evaluation criteria for IT security) also known as Common Criteria (CC) and;
• ISO/IEC 18405 (Information technology -- Security techniques-- Methodology for IT security evaluation) also known as Common Evaluation Methodology (CEM).

Malaysian Common Criteria Certification Body (MyCB) is a department under CyberSecurity Malaysia. The primary responsibility is to carrying out certification and overseeing day-to-day operation of the MyCC Scheme.

What is MyCC scheme mission?

MyCC Scheme mission is "to increase Malaysia's competitiveness in quality assurance of information security based on the Common Criteria (CC) standards and to build consumers' confidence towards Malaysian ICT products."

Who owns the MyCC scheme?

MyCC scheme is owned by CyberSecurity Malaysia.

Are there policies explaining the MyCC framework for CC evaluations?

The Malaysian Certification Body (MyCB) administers the regulations for conducting CC evaluations through the following MyCC Publications:

• PRODUCT_SP: MyCC Scheme Policy;
• MyCC_P2: MyCC Certified Product Register;
• ISCB_EFM: MyCC Scheme Evaluation Manual;

How can I contact the MyCB?

For more information about MyCC Scheme, please contact us.

Where can I get training on the MyCC Scheme?

We provide training for any parties that are interested to get training on the MyCC Scheme. You can view our training calender here.

What is MyCC Scheme Maintenance of Assurance?

Maintenance of assurance is a voluntary process that leverages a certified TOE baseline as changes are made to the certified TOE. The MyCC Scheme has adopted the CCRA compliant process for assurance continuity or for maintenance of assurance in a TOE certified within the MyCC Scheme and in conformance with MyCC Scheme Rules. This service provides customers with a cost effective method of maintaining a level of confidence in the security provided by a TOE as it is updated. Details of the MyCC Scheme Maintenance of Assurance service can be found in PRODUCT_SP: MyCC Scheme Policy.

What is the Common Criteria (CC)

Common Criteria (CC) was created to harmonise criteria produced by a number of nations including the United States (TCSEC), European (ITSEC) and Canada (CTCPEC) for carrying out security evaluations, into a single set of common criteria. The CC is now recognised as the ISO (International Organization for Standardization) standard, ISO/IEC 15408 (Information technology -- Security techniques-- Evaluation criteria for IT security), and regarded as the international benchmark for IT security evaluation criteria.

What is the Common Criteria Recognition Arrangement (CCRA) and mutual recognition?

Common Criteria Recognition Arrangement (CCRA) is a formal international arrangement between a great numbers of countries. This mutual recognition ensures that certificates issue by one of the member states certification body is recognised by all member states. This will helps vendors to cut their costs by having a single product or system evaluation which is recognisable by all participating nations. Common Criteria certifications from EAL1 to EAL4 are mutually recognised by all CCRA members. Further information about the CCRA can be found at http://www.commoncriteriaportal.org/

Which nations participate in the CCRA?

The CCRA membership includes CC certificate producing and certificate consuming nations. All CCRA participants are listed on the CC portal with the name and contact details of each CC scheme, which can be found at http://www.commoncriteriaportal.org/.

What is an Evaluation Assurance Level (EAL)?

Common Criteria (CC) operates the concept of assurance levels which is called Evaluation Assurance Level (EAL). For CC, the levels are EAL1 to EAL7. These scales represent ascending levels of confidence that can be placed in the ICT product which corresponded with security objectives. The higher the EAL the greater the degree of rigour is applied in assessing whether the ICT product has met its security requirements.

What is Assurance Continuity?

The purpose of Assurance Continuity is to enable developers to provide assured products to the IT consumer community in a timely and efficient manner. The awarding of a Common Criteria evaluation certificate signifies that all necessary evaluation work has been performed to convince the evaluation authority that the TOE meets all the defined assurance requirements as grounds for confidence that an IT product or system meets its security objectives. Assurance Continuity recognises that as changes are made to a certified TOE or its environment, evaluation work previously performed need not be repeated in all circumstances. Assurance Continuity therefore defines an approach to minimising redundancy in IT Security evaluation, allowing a determination to be made as to whether independent evaluator actions need to be re-performed.

Where can I find more information about CC, CCRA and products that had been certified by other schemes?

Common Criteria Portal contains current information regarding the official version of the CC, Common Evaluation Methodology (CEM), CCRA, certified products and Protection Profiles, interpretations and other supporting documents.