Technology Security Assurance (TSA): Background

Technology Security Assurance (TSA)

Technology Security Assurance (TSA) is a national scheme initiated by CyberSecurity Malaysia (CSM). It is an assurance where ICT products are evaluated based on Mandatory Security Functional Requirements (MSFRs) developed by the Information Security Certification Body (ISCB).

Malaysia Security Evaluation Facility (MySEF) will perform Security Functionality Testing and Penetration Testing on the ICT products in identifying vulnerabilities and assist organizations in understanding and improving the security requirement of their ICT products.

Background

The ICT product that will be evaluated need to fulfil the requirement as stated in the Mandatory Security Function Requirement (MSFR). This form consist of 6 sections that need to fill in as follows:

1. Section 1: Applicant’s Claims – the information in this section shall be filled in by the Applicant. The completeness and accuracy of the information is important in order to ensure that the application is accepted. Sub-section D in this section shall also be filled in by the evaluation team and certification team that summarises the evaluation findings for each claimed MSFR of the product.
   
   
2. Section 2: SEF(s) Information – the information in this section shall be filled in by the SEF(s) assigned to conduct the security evaluation for this project. The information in this section is important to TSA Scheme Certification Body (TSACB) in order to ensure that the evaluation is conducted by the competent licensed SEF(s), and to ensure that each evaluation has a sound base and that the evaluation has a reasonable chance of completion.
   
   
3. Section 3: Evaluation & Certification Summary Report – the information in this section shall be filled in by the SEF(s) assigned to conduct the evaluation and certification team for this project. This section provides the summary report of the evaluation and certification project conducted.
   
   
4. Section 4: SEF(s) Recommendations – the information in this section shall be filled in by the SEF(s) assigned to conduct the evaluation. This section provides the Lead Evaluator(s) recommendations.
   
   
5. Section 5: TSACB Review, Recommendations and Approval – the information in this section shall be filled in by the TSACB. This section provides the Lead Certifier recommendations and record the summary findings of the internal ISCB review.
   
   
6. Section 6: Scheme Head Decision – the information in this section shall be filled in by the Scheme Head. This section provides the Scheme Head recommendations and record the decision whether to certify the product or not.

The objectives of TSA are as follows:

1. To increase local developers’ competitiveness in quality assurance for information security

2. To build consumers’ confidence and trust towards Malaysian ICT security products

3. To provide a product certification that will be a faster in term of evaluation and certification processes.

4. To provide a competitive product certification costs and pricing.

In no event will CyberSecurity Malaysia be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits resulting from the use or in any way connected with which may arise in connection with the provisions of the Services by CyberSecurity Malaysia.