The process for a cryptographic product to obtain PKTN status consists of two phases:
- PKTN Pre-Application
- PKTN Application
1. PKTN Pre-Application
This phase involves verifying that the cryptographic product has obtained Malaysian Cryptography Validation (MyCV) and Common Criteria Certification (MyCC/CC). The PKTN Pre-Application process is illustrated in the figure below.
| Verification process by CyberSecurity Malaysia | Duration |
| 1. Certification Verification (E.g.: FIPS Certification) | 1 working day |
| 2. Verification of Cryptographic Algorithm List against MySEAL | 5 working days (depending on the number of algorithms) |
| 3. Preparation of Verification Report | 3 working days |
| 4. Submission of Application to NACSA | 1 working day |
2. PKTN Application Process
Once the pre-application phase is completed, the cryptographic product can proceed with the PKTN Application. The PKTN Application process is illustrated in the figure below.
| Process | Activity | Duration |
| 1. Pre-Application Review | Review of preliminary documents such as the application form, checklist, and eligibility verification | 5 working days |
| 2. Review of Complete Application Documents | Verification of complete documents such as the Security Target, Security Policy, and supporting technical documents. | 5 – 10 working days |
| 3. a) Assessment by SPPPKTN Working Committee | Review of findings report and evaluation of compliance with PKTN criteria. | 1 working day |
| 3. b) Reassessment (if necessary) | Preparation of feedback, re-examination of documents, and evaluation meeting for compliance with PKTN criteria. | 7 working days |
| 4. Decision by SPPPKTN Steering Committee | Preparation of approval report and presentation to the SPPPKTN Steering Committee for final approval. | 3 working days |
| 5. Issuance of Approval Letter / PKTN Status | Preparation of approval letter. | 3 working days after final approval is received |
Application
| Title | Size |
|---|---|
| pdf Application Form PKTN | 545.76 KB |