To receive a certificate, an ITSEF evaluation facility evaluates the product and reports the result to the certification body. The certification body verifies the result of the evaluation facility and issues a certificate if their findings are positive.
TÜV Rheinland Nederland B.V., as the Certification Body, certifies the security of IT products and systems in accordance with the procedures specified in the NSCIB scheme documentation and the evaluation standards, criteria and methodology listed in here. TÜV Rheinland Nederland B.V. will take into account, amongst other evidences, the evaluation technical reports issued by the ITSEF, licensed as laid out in part 3 of the NSCIB scheme documentation.
The security certification of a product means the recognition of the fulfilment of the security properties specified in its Security Target. The security certification of a product does not however mean or imply fitness for purpose under any particular scenario or environment of usage. To determine the applicability of certification results under the product's intended environment, the user should carefully read the Security Target.
Once a certificate has been granted, it is valid until it expires or is revoked; the latter of which happens with changes on the conditions or factors affecting the certificate such as technological advances, appearance of new vulnerabilities, non-fulfilment of the conditions to use the certificate, changes in the product, or explicit denial of the certificate requester. To ensure that current certificates are up to date the Certification Body performs routine inspections, audits and analysis on the certified products, their intended environment and the usage of the certificates themselves.
TÜV Rheinland Nederland B.V. is responsible for implementing and managing the Netherlands Scheme for Certification in the Area of IT Security (NSCIB).
TÜV Rheinland Nederland B.V. is a certification body accredited by the Dutch Accreditation Council (RvA) registered under C078 for the Common Criteria.
TÜV Rheinland Nederland B.V. is responsible for issuing all certificates and will publish all certificates issued under the Netherlands scheme in accordance with the conditions of the CCRA and SOG-IS MRA for international recognition.
TÜV Rheinland Nederland B.V. is responsible for licensing evaluation facilities for Common Criteria in accordance with the Netherlands scheme.
To become a licensed evaluation facility an application may be sent to TÜV Rheinland Nederland B.V.