The certification authority or repository must operate a trustworthy system. A system shall be regarded as trustworthy if it satisfies the most current adopted version of Common Criteria (CC) Protection Profile (PP) for Commercial Security 2 (CS2), (CCPPCS), developed and published by the National Institute of Standards and Technology (NIST). The determination whether a departure from CCPPCS is material is governed by part 8275.0070, subpart 2. For purposes of this chapter, CCPPCS shall be interpreted in a manner that is reasonable in the context in which a system is used and is consistent with other state and federal laws. Until the referenced standard is adopted by NIST, the standard applicable for purposes of this chapter shall be the draft of CCPPCS dated March 1998. The March 1998 draft and all subsequent revisions is incorporated by reference and is not subject to frequent change. The draft is available from the State Law Library and NIST at http://csrc.nist.gov/nistpubs/cc/pp/pplist.htm/#cs2.
23 SR 1352
October 27, 2003