Technology Security Assurance (TSA)
Technology Security Assurance (TSA) is a national scheme initiated by CyberSecurity Malaysia (CSM). It is an assurance where ICT products are evaluated based on Mandatory Security Functional Requirements (MSFRs) developed by the Information Security Certification Body (ISCB).
Malaysia Security Evaluation Facility (MySEF) will perform Security Functionality Testing and Penetration Testing on the ICT products in identifying vulnerabilities and assist organizations in understanding and improving the security requirement of their ICT products.
Background
The ICT product that will be evaluated need to fulfil the requirement as stated in the Mandatory Security Function Requirement (MSFR). This form consist of 6 sections that need to fill in as follows:
- Section 1: Applicant’s Claims – the information in this section shall be filled in by the Applicant. The completeness and accuracy of the information is important in order to ensure that the application is accepted. Sub-section D in this section shall also be filled in by the evaluation team and certification team that summarises the evaluation findings for each claimed MSFR of the product.
- Section 2: SEF(s) Information – the information in this section shall be filled in by the SEF(s) assigned to conduct the security evaluation for this project. The information in this section is important to TSA Scheme Certification Body (TSACB) in order to ensure that the evaluation is conducted by the competent licensed SEF(s), and to ensure that each evaluation has a sound base and that the evaluation has a reasonable chance of completion.
- Section 3: Evaluation & Certification Summary Report – the information in this section shall be filled in by the SEF(s) assigned to conduct the evaluation and certification team for this project. This section provides the summary report of the evaluation and certification project conducted.
- Section 4: SEF(s) Recommendations – the information in this section shall be filled in by the SEF(s) assigned to conduct the evaluation. This section provides the Lead Evaluator(s) recommendations.
- Section 5: TSACB Review, Recommendations and Approval – the information in this section shall be filled in by the TSACB. This section provides the Lead Certifier recommendations and record the summary findings of the internal ISCB review.
- Section 6: Scheme Head Decision – the information in this section shall be filled in by the Scheme Head. This section provides the Scheme Head recommendations and record the decision whether to certify the product or not.