OCSI - Italy's Common Criteria Scheme

OCSI, the Organismo di Certificazione della Sicurezza Informatica, is Italy’s national Common Criteria certification body. It operates under the Italian Cybersecurity Agency, Agenzia per la Cybersicurezza Nazionale (ACN), which took over Italy’s central cybersecurity functions in 2021.

Key facts

Authorizing body: Agenzia per la Cybersicurezza Nazionale (ACN)
Country / region: Italy
Year established: OCSI was established in 2003 to operate Italy’s national CC scheme
Product types: smart cards and ICs, network devices, software security products, payment-related TOEs
CCRA status: Certificate Authorizing Member; historically a SOG-IS authorizing member; designated EUCC certification authority in Italy
Canonical portal: https://www.ocsi.gov.it/

Overview

OCSI publishes Italy’s national CC certificates and the supporting evaluation reports. Italy was a long-standing participant in SOG-IS, the European mutual recognition arrangement that preceded EUCC, and OCSI is one of the national schemes folded into the EUCC framework under the EU Cybersecurity Act.

How evaluations work under this scheme

Evaluations are carried out by accredited Laboratori per la Valutazione della Sicurezza (LVS), Italy’s designation for an ITSEF. The LVS produces an Evaluation Technical Report which OCSI reviews and uses to issue the final Certification Report.

Notable product categories

Smart cards and embedded secure elements
Network and communications products
Software security products
Payment-related TOEs

Relationship to CC baseline

OCSI evaluations follow ISO/IEC 15408 and CC:2022. Italy participates in EUCC implementation across the EU and continues to issue national CC certificates under CCRA.

Where to find official records

OCSI certified products list: published on the OCSI portal
Canonical CCRA listings for Italy: https://www.commoncriteriaportal.org/products/
NenkinTracker normalizes OCSI records with those of other schemes for unified monitoring.