Rule no. 2.
For a confirmed non-compliance in the conditions under which the certification takes place and that are not related to an individual ICT product, the CB will proceed, under the control of its National Cybersecurity Certification Authority (NCCA), to the following:
- The identification of potentially impacted certified ICT products
- Request a series of evaluation tasks to be performed on one or more products by the Testing Laboratory/Evaluation Facility (ITSEF) which performed the evaluation, or any other that is in a better technical position to support that identification
- The analysis by the CB of evaluation reports, and/or the re-emission of certificates
If during this time non-compliance is corrected, the certificate will be either continued, renewed, or re-issued. But, if the problem can’t be handled, the certificate will be withdrawn.