BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01 INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT ae eee Revigon tari [29/04/2016 [dos Certification Report EAL 4+ (ADV_IMP.2, ALC_CMC.5, ALC_DVS.2, AVA_VAN.5 and ALC_FLR.2) Evaluation of Güvenpark Bilisim Teknolojileri Ar-GE Tic. Ltd. Sti. ProCrypt KM-3000 Hardware Security Module v1.0 issued by Turkish Standards Institution Common Criteria Certification Scheme Certificate Number: 21.0.03/TSE-CCCS-61 Sayfa 1/15 Bu dokümanın güncelligi, elektronik ortamda TSE Dokiiman Yénetim Sisteminden takip edilmelidir. BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / \Dokiman No |BTBD-03-01-FR-01 INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT Yayın Tarihi |30/07/2015 Revizyon Tarihi |29/04/2016 |Na 05 TABLE OF CONTENTS TABLE OF CONTENTS sen 2 DOCUMENT INFORMATION nn 3 DOCUMENT CHANGE LOG... nine 3 DISCLAIMER .. FOREWORD... RECOGNITION OF THE CERTIFICATE.. 1 - EXECUTIVE SUMMARY.........ccssessesesseseesscesseenseeensenssnensceensessseanesseseassasessssssecesensnsseesuacacsasuceessersasenseneasense 7 1.1 TOE OVRr VIEW sens sans eee Do EVER RENE EN ESSAI 7 1.2) Threats ..... pesessncenncenonssesnwosronsoonsayniresa onesesxan oss i8h 9S CLRDREAKDIEEL ANSI AOE CBLRT ORS ODNEDASEONCOINEANENARSEPRUETS 7 2 CERTIFICATION RESULTS sisssssesssccasensirescacesevavecscstssovessssenstsceveasuensslseveasevissesswaessiueessssssossesttesonessaisaiansssniiees 8 2.1 Identification of Target of Evaluation . 2.2 Security Policy... 2.3 Assumptions and Clarification of Scope . 2.4 Architectural Information sine 9 2.4.1 Logical SCOPE sine verser 00 0 SE GORE SNS SOS 9 2.4.2 Physical Scope 2.5 Documentation. 2.6 IT Product Testing... 12 2.7 Evaluated Configuration... 2.8 Results of the Evaluation 2.9 Evaluator Comments / Recommendation 3 SECURITY TARGET 4 4 BIBLIOGRAPHY 5 Sayfa 2/15 Bu dokiimanin giincelligi, elektronik ortamda TSE Dokiiman Yönetim Sisteminden takip edilmelidir. Cc. 4 ‘ 7 Ze BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAiRESi BASKANLIGI / INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT Doküman No |BTBD-03-01-FR-01 > CCCS CERTIFICATION REPORT |Yayın Tarihi |30/07/2015 29/04/2016 Ind os |Revizyon Tarihi DOCUMENT INFORMATION Date of Issue July 10th, 2019 Approval Date July 10th, 2019 Certification Report Number _| 21.0.03/18-007 | Sponsor and Developer Güvenpark Bilisim Teknolojileri Ar-GE Tic. Ltd. Sti. Evaluation Facility Beam Technology Test Center TOE ProCrypt KM-3000 Hardware Security Module v1.0 Pages 15 Prepared by Cem ERDIVAN Common Criteria Inspection Expert C Ch Reviewed by Zümrüt MÜFTÜOGLU Common Criteria Technical Responsible (Hadware Product Group) 7 This report has been prepared by the Certification Expert and reviewed by the Technical Responsible of which signatures are above. DOCUMENT CHANGE LOG Release Date | Pages Affected Remarks/Change Reference 1.0 July 10th, 2019 [AI First Release Sayfa 3/15 Bu dokümanın güncellißi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir. BiLISiM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Dokiman No |BTBD-03-01-FR-01 INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT ata pees Revigon‘tarni [29/04/2016 [Naf os DISCLAIMER This certification report and the IT product in the associated Common Criteria document has been evaluated at an accredited and licensed evaluation facility conformance to Common Criteria for IT Security Evaluation, version 3.1,revision 5, using Common Methodology for IT Products Evaluation, version 3.1, revision 5. This certification report and the associated Common Criteria document apply only to the identified version and release of the product in its evaluated configuration. Evaluation has been conducted in accordance with the provisions of the CCCS, and the conclusions of the evaluation facility in the evaluation report are consistent with the evidence adduced. This report and its associated Common Criteria document are not an endorsement of the product by the Turkish Standardization Institution, or any other organization that recognizes or gives effect to this report and its associated Common Criteria document, and no warranty is given for the product by the Turkish Standardization Institution, or any other organization that recognizes or gives effect to this report and its associated Common Criteria document. yy Sayfa 4/15 Bu dokiimanin giincelligi, elektronik ortamda TSE Dokiiman Yönetim Sisteminden takip edilmelidir. a‘ BiLiSiM TEKNOLOJILERi TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Doküman No _|BTBD-03-01-FR-01 INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT |Yayın Tarihi |30/07/2015 IRevizyon Tarini [29/04/2016 Nd 0s FOREWORD The Certification Report is drawn up to submit the Certification Commission the results and evaluation information upon the completion of a Common Criteria evaluation service performed under the Common Criteria Certification Scheme. Certification Report covers all non-confidential security and technical information related with a Common Criteria evaluation which is made under the ITCD Common Criteria Certification Scheme. This report is issued publicly to and made available to all relevant parties for reference and use. The Common Criteria Certification Scheme (CCSS) provides an evaluation and certification service to ensure the reliability of Information Security (IS) products. Evaluation and tests are conducted by a public or commercial Common Criteria Evaluation Facility (CCTL = Common Criteria Testing Laboratory) under CCCS’ supervision. CCEF is a facility, licensed as a result of inspections carried out by CCCS for performing tests and evaluations which will be the basis for Common Criteria certification. As a prerequisite for such certification, the CCEF has to fulfill the requirements of the standard ISO/IEC 17025 and should be accredited by accreditation bodies. The evaluation and tests related with the concerned product have been performed by Beam Technology Testing Facility, which is a commercial CCTL. A Common Criteria Certificate given to a product means that such product meets the security requirements defined in its security target document that has been approved by the CCCS. The Security Target document is where requirements defining the scope of evaluation and test activities are set forth. Along with this certification report, the user of the IT product should also review the security target document in order to understand any assumptions made in the course of evaluations, the environment where the IT product will run, security requirements of the IT product and the level of assurance provided by the product. This certification report is associated with the Common Criteria Certificate issued by the CCCS for ProCrypt KM-3000 Hardware Security Module v1.0 whose evaluation was completed on July 7", 2019 and whose evaluation technical report was drawn up by Beam Technology (as CCTL), and with the Security Target document with version no 1.0 of the relevant product. The certification report, certificate of product evaluation and security target document are posted on the ITCD Certified Products List at bilisim.tse.org.tr portal and the Common Criteria Portal (the official web site of the Common Criteria Project). of Ue Sayfa 5/15 Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir. BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01 INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT |Yayın Tarihi |30/07/2015 CCCS CERTIFICATION REPORT RoigTa [29/04/2016 [No] os RECOGNITION OF THE CERTIFICATE The Common Criteria Recognition Arrangement logo is printed on the certificate to indicate that this certificate is issued in accordance with the provisions of the CCRA. The CCRA has been signed by the Turkey in 2003 and provides mutual recognition of certificates based on the CC evaluation assurance levels up to and including EAL2. The current list of signatory nations and approved certification schemes can be found on: htip://www.commoncriteriaportal.org. ag N Sayfa 6/15 Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir. BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01 INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT ayin Tarihi |30/07/2015 Revizyon Tarihi_|29/04/2016 Na} 05 1 - EXECUTIVE SUMMARY 1.1 TOE Overview The TOE is a general purpose hardware security module (HSM) which provides cryptographic processing (encryption/decryption, signature generation/verification, message digest generation/verification, MAC generation/verification), key generation and key management services to connected host systems, which might be SSL/TLS web servers, application servers, authentication servers and other IT systems that need secure storage of cryptographic keys and secure use of cryptographic operations. The TOE communicates with host systems through its network interface (100/1000 Base-T) and PKCS#11 protocol. This enables integration to either existing system environments or future projects, for wide range of applications. In addition to the ethernet interface, a smartcard interface (ISO7876) is also available for importing/exporting cryptographic keys and for user authentication using smartcards. The TOE is physically defined as a set of hardware and firmware, which is contained within the cryptographic boundary. The TOE is in system on module (SOM) form with a card edge connection and it is typically located within a custom carrier/host system(non-TOE). The TOE has a tamper resistant casing and constantly monitors against physical tamper attempts that including drilling, breaking or removing its casing. The whole module, except the card edge connection area, is covered by the mentioned tamper resistant casing and hard, opaque potting material (epoxy resin) is also used to fill the gap between the module electronics and the casing. Additionally, the TOE also monitors temperature and input voltage, to harden its tamper resistance capability. Optionally, the TOE can be configured to output a separate tamper trigger signal, which can be used to protect case of its carrier/host system, making it difficult to open its enclosure without detection. The TOE zeroizes plaintext key material and security parameters in case of a tamper event. The TOE records audit logs for all operational events and security relevant events. Figure 1 - TOE 1.2 Threats Threats are provided in Section 3.2 of Security Target Document v1.0. Sayfa 7/15 Bu dokümanın güncelligi, elektronik ortamda TSE Dokiiman Yénetim Sisteminden takip edilmelidir. BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT Doküman No |BTBD-03-01-FR-01 m CCCS CERTIFICATION REPORT 30/07/2015 29/04/2016 ayin Tarihi |Revizyon Tarihi Na 05 2 CERTIFICATION RESULTS 2.1 Identification of Target of Evaluation Certificate Number 21.0.03/TSE-CCCS-61 TOE Name and Version ProCrypt KM-3000 Hardware Security Module v1.0 Security Target Title ProCrypt KM-3000 Hardware Security Module v1.0 Security Target Security Target Version v1.0 Security Target Date July 10th, 2019 Assurance Level EAL4+ (ADV_IMP.2, ALC_CMC.5, ALC_DVS.2, AVA_VAN.5 and ALC_FLR.2) Criteria e Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model; CCMB- 2012-09-001, Version 3.1, Revision 5, April 2017 e Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components; CCMB- 2012-09-002, Version 3.1 Revision 5, April 2017 e Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components; CCMB- 2012-09-003, Version 3.1 Revision 5, April 2017 Methodology Common Criteria for Information Technology Security Evaluation, Evaluation Methodology; CCMB-2012-09-004, Version 3.1, Revision 5, April 2017 Protection Profile Conformance None Common Criteria Conformance e Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model, Version 3.1, Revision 5, April 2017 e Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components, Version 3.1, Revision 5, April 2017, conformant e Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components, Version 3.1, Revision 5, April 2017, conformant Sponsor and Developer Güvenpark Bilisim Teknolojileri Ar-GE Tic. Ltd. $ti. Evaluation Facility Beam Technology Test Center Certification Scheme TSE CCCS 2.2 Security Policy TOE Security Policy consists of security functions described in section 2.4.1 Logical Scope. 2.3 Assumptions and Clarification of Scope Please refer to Security Target Document v1.0 Section 3.3 for OSPs and Section 3.4 for Assumptions. UN Sayfa 8/15 er Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir. CERTIFICATION DEPARTMENT BiLisiM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01 <> INFORMATION TECHNOLOGIES TEST AND ayin Tarihi = {30/07/2015 CCCS CERTIFICATION REPORT ReimonTarni [29/04/2016 ]Nd os 2.4 Architectural Information 2.4.1 Logical Scope Security Function Description User Authentication The TOE provides pre-defined user roles and each user role has access to certain TOE functionality. Secure Key Management The TOE provides functionality to securely generate, store, exchange, use and destroy cryptographic keys for supported cryptographic functions. Cryptographic Services The TOE provides access to several cryptographic algorithms such as asymmetric and symmetric encryption algorithms, hash algorithms, key generation algorithms and signature generation and verification algorithms. A full list of the supported cryptographic algorithms is provided in the Security Target Document. Auditing The TOE has a logging mechanism to record significant events along with date/time information and status code. Self-Test The TOE performs various self-tests on system start up and provides the ability to re-run the same tests on user request. The self-tests are performed to verify functionality of the TOE’s hardware components, cryptographic IP cores and soft cores and integrity of the firmware packages and other software. Tamper Detection The TOE has tamper detection mechanisms and it is designed to destroy content of its secure memory in case of tamper detection. The tamper detection mechanisms are battery backed and continues to operate when the system power is lost. Sayfa 9/15 Cf Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir. INFORMATION TECHNOLOGIES TEST AND BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Dokiman No |BTBD-03-01-FR-01 CERTIFICATION DEPARTMENT > |Yayın Tarihi [30/07/2015 |Revizyon Tarihi [29/04/2016 |No) 05 CCCS CERTIFICATION REPORT 2.4.2 Physical Scope 32 MB aspı NOR Flash 4 68 eMMC NAND Flash ETES | Denn + + 1 GB DDR3 r RAM 2 7 Security + Monitor # > ‘Smart Card L Controller GbETHPHY + ES Re ; +) > DUT Gireuit Figure 2— TOE Hardware Architecture Component Description Processing System Processing system is a microcontroller which consists of dual core CPUs (Central Processing Unit) and auxiliary units like memory interface units, storage elements and I/O peripherals. It runs main firmware of the TOE and is responsible of management of all other hardware components. In addition, the processing system has a key memory to store firmware encryption key which is backed by the battery. FPGA FPGA hosts cryptographic IP cores which are used to accelerate cryptographic operations. QSPI NOR Flash NOR Flash is used to store bootloader files in addition to some system configuration files which are needed on system startup. eMMC NAND It is used to store filesystem of the operating system(OS). All cryptographic keys, key Flash components and CSPs are encrypted using master key and also stored in the NAND memory. USB 2.0 PHY It is a physical layer interface component which generates USB 2.0 compliant electrical interface, in order to enable the processing system to communicate with Sayfa 10/15 Bu dokümanın güncelligi, elektronik ortamda TSE Dokiiman Yénetim Sisteminden takip edilmelidir. c.g 7 BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Dokiiman No |BTBD-03-01-FR-O1 <> INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT even Tari Poren RoigyonTarii [29/04/2016 [Nd os USB devices. 1 Gb ETH PHY It is a physical layer interface component which enables the processing system to communicate over computer networks. RTC Real time clock component is used to provide date/time information to the system. It is battery backed to retain data/time information when system power is lost. Secure Memory Secure memory is used to store master key of the device. It is battery backed to retain its content when system power is lost. It is able to rapidly destroy stored key data when tamper alarm signal is received by the security monitor. Security Monitor It constantly monitors the mesh layers and makes sure that they are physically intact. It also monitors module temperature and voltage supply inputs to detect abnormal events. In case of tamper event detection, it broadcasts an alarm signal. It is battery backed and continues its operation when system power is lost. Smart Card It is an interface component that enables the processing system to communicate with Controller smart cards. EEPROM It stores constant and unique module identification data which are set during manufacturing. Battery It is used to provide power to volatile memory components and security monitor, when system power is not present. Mesh Layer It provides protection against possible electrical and mechanical attacks. It covers the whole module electronics and enables the module to detect physical damage. Power Circuit It consists of several power regulators, power supervisor circuits and auxiliary components that regulate and monitor the power rails. Software and IP components of the TOE are listed below: e Processing System Bootloader Operating System Device Drivers Firmware Packages FPGA IP Cores Secure SoC Bootloader Secure SoC Firmware 2.5 Documentation These documents listed below are provided to customer by the developer alongside the TOE: Document Name | Version | Release Date ProCrypt KM-3000 Hardware Security Module v1.0 Security Target | v1.0 July 10, 2019 Key Management Manual v1.0 April 5, 2019 KM-3000 Manager Installation Manual v1.0 May 8, 2019 Command Reference Manual v1.0 December 22, 2018 Management Manual v1.0 May 3, 2019 Sayfa 11/15 Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir. fa cs 7 BiLiSiM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01 INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT (eave Tart [ee Revizyon Tarihi 29/04/2016 No 05 2.6 IT Product Testing e Developer Testing: All TSFIs and subsystem/module behaviors have been tested by developer. Developer has conducted 21 functional tests in total. e Evaluator Testing: Evaluator has conducted all 21 developer tests. Additionally, evaluator has prepared 11 independent tests. TOE has passed all 32 functional tests to demonstrate that its security functions work as it is defined in the ST. e Penetration Tests: TOE has been tested against common threats and other threats surfaced by vulnerability analysis. As a result, 9 penetration tests have been conducted. TOE proved that it is resistant to attackers with “High Attack Potential”. 2.7 Evaluated Configuration TOE configuration: ProCrypt KM-3000 Hardware Security Module v1.0 Hardware and software requirements for “ProCryptManager Setup (non-TOE management software)” are listed below: e Operating System: o Microsoft Windows 7 or higher (x86 and x64) o Microsoft Windows Server 2012 or higher (x64) o Linux (x64) Processor: 1.5 GHz, 2 cores or higher Memory: 2 GB RAM for x86 systems, 4 GB RAM for x64 systems HDD: 500 MB of free disk space Network interface 2.8 Results of the Evaluation The verdict for the CC Part 3 assurance components (according to EAL4+ (ADV_IMP.2, ALC_CMC.5, ALC _DVS.2, AVA_VAN.5 and ALC _FLR.2) and the security target evaluation) is summarized in the following table: Class Heading Class Family | Description Result ADV: ADV_ARC.l | Security architecture description PASS Development ADV_FSP.4 | Complete functional specification PASS ADV_IMP.2 | Complete mapping of the implementation representation of | PASS the TSF ADV_TDS.3 | Basic modular design PASS AGD: AGD_OPE.1 _| Operational user guidance PASS Guidance AGD_PRE.1 | Preparative procedures PASS Documents ALC: ALC_CMC.5 | Advanced support PASS Sayfa 12/15 Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir. cc / LA BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01 <> INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT eee Revigon Tanti [29/04/2016 Ind os Class Heading Class Family | Description Result Lifecycle Support | ALC_CMS.4_| Problem tracking CM coverage PASS ALC DEL.1 | Delivery procedures PASS ALC_DVS.2__| Sufficiency of security measures PASS ALC_LCD.1 Developer defined life-cycle model PASS ALC_TAT.1 Well-defined development tools PASS ALC_FLR.2 Flaw reporting procedures PASS ASE: ASE CCL.1 Conformance claims PASS Security Target ASE_ECD.1 Extended components definition PASS evaluation ASE_INT.1 ST introduction PASS ASE OBJ.2 Security objectives PASS ASE REQ.2 Derived security requirements PASS ASE_SPD.1 Security problem definition PASS ASE_TSS.1 TOE summary specification PASS ATE: ATE_COV.2 | Analysis of coverage PASS Tests ATE DPT.1 _| Testing: basic design PASS ATE_FUN.I Functional testing PASS ATE_IND.2 | Independent testing - sample PASS AVA: AVA_VAN.5_ | Advanced methodical vulnerability analysis PASS Vulnerability Analysis 2.9 Evaluator Comments / Recommendations Some recommendations have been communicated to CCCS by the evaluators, related to the evaluation process of “ProCrypt KM-3000 Hardware Security Module v1.0” product in the ETR. Certification Body has reviewed those recommendations and decided that they are not crucial for the results of the evaluation. Nevertheless, should a customer wishes to see those recommendations anyway, can apply the Certification Body (TSE) with a formal request. Bu dokiimanin giincelligi, elektronik ortamda TSE Dokiiman Yénetim Sisteminden takip edilmelidir. cs Sayfa 13/15 ar BiLisiM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / Dokiiman No |BTBD-03-01-FR-01 INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT CCCS CERTIFICATION REPORT ‘ayin Tarihi = [30/07/2015 \Revizyon Tarihi |29/04/2016 x 05 3 SECURITY TARGET The security target associated with this Certification Report is identified by the following terminology: Title: ProCrypt KM-3000 Hardware Security Module v1.0 Security Target Version: v1.0 Date of Document: July 10, 2019 This Security Target describes the TOE, intended IT environment, security objectives, security requirements (for the TOE and IT environment), TOE security functions and all necessary rationale. Sayfa 14/15 Bu dokiimanin giincelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir. ar qr m BILISIM TEKNOLOJILERI TEST VE BELGELENDIRME DAÏRESI BASKANLIGI / INFORMATION TECHNOLOGIES TEST AND CERTIFICATION DEPARTMENT Doküman No BTBD-03-01-FR-01 CCCS CERTIFICATION REPORT ayin Tarihi 30/07/2015 |Revizyon Tarihi 29/04/2016 |No 05 4 BIBLIOGRAPHY [1] Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5, April 2017 [2] Common Methodology for Information Technology Security Evaluation, CEM, Version 3.1 Revision 5, April 2017 [3] BTBD-03-01-TL-01 Certification Report Preparation Instructions, Rel. Date: February 8, 2016 [4] ETR v1.2 of ProCrypt KM-3000 Hardware Security Module v1.0, Rel. Date: July 7, 2019 [5] ProCrypt KM-3000 Hardware Security Module v1.0 Security Target, Version 1.0, Rel. Date: July 10, 2019 ya CS Sayfa 15/15 Bu dokümanın güncelligi, elektronik ortamda TSE Dokiiman Yénetim Sisteminden takip edilmelidir,