Certified MyCC Evaluator (CME)

This course provides working level competency for personnel who will be employed as MySEF Evaluator/MyCC Certifier. It is also applicable for IT security consultants who have potential interest in understanding Common Criteria Evaluation and Certification processes.


  1. Increase awareness on the benefits of the product/IT system security evaluation plus certification processes and IT evaluation concepts
  2. Learn more about MyCC Scheme that includes MyCC Scheme policy framework, roles and responsibilities, and MyCC Scheme services
  3. Provide a working level competency in Common Criteria (CC), Common Evaluation Methodology (CEM), Security Target (ST) and Protection Profile (PP)


  1. MySEF Evaluators, MySEF Lab Managers and MyCC Certifiers
  2. Potential Common Criteria/IT Product Consultants.
  3. Technical Writer interested in learning Common Criteria and MyCC Scheme.
  4. Developers
  5. Any interested parties

IT Security Evaluation
This module provides a background to IT security concepts and evaluation. The topics covered include:

  1. the value of Information
  2. the importance of Information Technology
  3. the need for Information Security
  4. the concept of Assurance
  5. the benefits of IT Security Evaluation
MyCC Scheme
This module provides an overview of the MyCB functions, roles and responsibilities, Recognition Arrangements, and policy framework. The topics covered include:
  1. MyCC Scheme background and history
  2. Common Criteria Recognition Arrangement
  3. What is a certification and evaluation scheme
  4. MyCC Scheme services
  5. MyCC Scheme roles and responsibilities
  6. MyCC Scheme documentation
Introduction to ST, PP and the CC
This module provides a high level overview of Common Criteria (CC) and Methodology, as well as detailing the Security Target (ST)/ Protection Profile (PP) and how they form the foundation of evaluations. The following topics are included:
  1. The history, purpose, paradigm, terminology and structure of the Common Criteria
  2. How the Common Criteria defines assurance
  3. The purpose and components of a Security Target
  4. The purpose and components of a Protection Profile
  5. The differences between Assurance packages
Security Targets and Protection Profiles
  1. Each component of a Security Target and Protection Profile (CC Part 3)
  2. The Securty Functional Requirement families (CC Part 2)
  3. How to evaluate a TOE
Evaluating The TOE
  1. The Security Assurance Requirements families (CC Part 3)
  2. How to evaluate a TOE
  3. Apply the Common Evaluation Methodology (CEM) to :
    • Evaluation of the TOE
    • Planning a development site visit
    • Planning testing
  4. Conducting vulnerability assessment

Pn. Hasnida Binti Zainuddin
Senior Analyst
Information Security Certification Body
CyberSecurity Malaysia

Hasnida binti Zainuddin had joined CyberSecurity Malaysia for more than 8 years. She had undertaken the cyber security certification auditing whilst managing a Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme and MyTrustSEAL Service in Information Security Certification Body Department (ISCB). Graduated from University of Malaya, majoring in Information Technology (Management), she started her working experience in Human Resources Department under Manpower Planning team and was responsible for the Human Resources Information System (HRIS) as the System Administrator. Then she gained new experience for 4 years under the Governance, Risk and Compliance team and became as a consultant for the ISO 27001 implementation. She is also certified as Lead Auditor for ISO 27001 and ISO 22301.

Pn. Norahana Binti Salimin
Head of Department
Malaysian Security Evaluation Facility (MYSEF)
CyberSecurity Malaysia

Infosec specialist graduated from Multimedia University, Malaysia and has a degree in B.Eng (Hons) Electronics majoring in Computer. She holds GPEN, GSNA, ECES and Lead Auditor ISMS professional certifications. She is specialized in ISO/IEC 15408 (Common Criteria), well verse in ISO/IEC 17025 and a practitioner of ISMS.

Ts. Ahmad Dahari Bin Jarno
Senior Analyst
Malaysian Security Evaluation Facility (MYSEF)
CyberSecurity Malaysia

Ahmad Dahari Bin Jarno, proudly holds cybersecurity professional certifications and experienced wisely in Common Criteria Evaluation & Certification and cybersecurity penetration testing more than 10 years. Graduated from Malaysia Multimedia University (MMU) as Bachelor (BHons) of Electronics Engineering Majoring in Computer. Started his career with CyberSecurity Malaysia as Security Analyst and currently with given trust as Research Lead (XPERTS Unit) under CyberSecurity Malaysia MySEF (CSM MySEF) Department, dedicating all his work in Common Criteria ICT product evaluation & certification and cybersecurity assessment with additions of leading a team in exploration of cybersecurity research, development and advisory that produce in-house solutions such as: test method, test tools, guideline, trainings and etc. In the domain of cybersecurity as his passion, exposed and experienced widely in the area of network security assessments, various type of penetration testing, web application assessment, web servers/appliances compliance testing and security audit. New exploration technology covers cybersecurity on Smart Card (OS, Applet & Reader) Evaluation, Hardware Security, Biometric Fingerprint Security, and innovation of assessment in Cloud Computing Security.

The CME examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for a Secure Application Professional. Candidates will be tested via a combination of either continual assessment (CA), multiple choice (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS) as required.

Candidates can take the examination at authorized examination centres in participating member countries. Candidates who have successfully passed the CME examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.

Click here to register for certified examination


  • 13 - 15 February 2023
  • 10 - 12 July 2023
  • 10 -12 October 2023
  • 20 - 22 November 2023
*dates are tentative, unless specified

Training Fee: MYR3,780.00
Exam Fee: MYR1,255.80

(subject to 8% SST)

Please click here to register

Contact us to request for a quotation

18 CPD Point

Please submit the Certificate of Completion to Global ACE Certification at


Have any inquiries? Check out the FAQ