What is Common Criteria Certification
The Common Criteria standard verifies that a product meets a specification of security requirements with a guarantee aligned with the level of assessment established.
A Common Criteria certification is an internationally well-known guarantee that is recognized across the world thanks to the CCRA (Common Criteria Recognition Agreement) and SOGIS agreement (European level).
Depending on the evaluation assurance level (EAL) the requirements of the standard increase, in accordance with the possible potential of attackers trying to tamper with the target of evaluation (TOE).
Having a CC certificate is mandatory in more and more countries due to government regulations. Moreover, it is fundamental to demonstrate your product quality, reliability and of course security to gain the trust of your customers.
However, aligning our product with Common Criteria requirements can be a complicated and painful process, where it's easy to go wrong again and again.
Generally speaking, businesses that have not adopted a security certification culture feel overwhelmed by the prospect of having to generate a huge amount of documentation to pass the evaluation, as well as to make unexpected or drastic changes in their products.
Don't wait and call us to get more information about Common Criteria Consulting.
Common Criteria Certification Process
Usually the Common Criteria certification process begins with sending the "Application for Certification" to the Certification Body. The Certification Body (CB) is the entity issuing the final certificate when the evaluation is completed, so they are ultimately accountable for the quality of the evaluation.
To start the process, it is necessary to send the laboratory a document titled "Security Target". This is a formal document describing the security capabilities of the product and delimiting the evaluable functionality.
The assessment is not performed directly by the CB, it is necessary to hire the services of an accredited laboratory. There are several accredited laboratories where it is possible to perform the evaluation and their fees will be the largest overhead we have to face.
Once the accredited laboratory has performed the evaluation and any vulnerabilities that have been found have been corrected, the lab will send the CB an "Evaluation Technical Report" with a "Pass" result, and after the administrative formalities, the certificate will be published and may be enforced worldwide.
We can provide consultancy on every certificate authoring country.
Ask us about our Common Criteria Consulting service and get your product certified now.
Free tools & documents
The optimum working environment for the development of documents in conforming the Common Criteria standard.
Common Criteria Service Overview The Common Criteria service for developers
Common Criteria Cheatsheet Keep it close and use this cheat sheet whether you are a developer or consultant or evaluator. The norm on a sheet!
Common Criteria Introduction A gentle introduction to Common Criteria (spanish)
Common Criteria: a tool for secure software development How to use the norm as a methodology for the secure development of IT products (spanish)
They already trusted us. Let's talk!
What We Offer?
At jtsec we are Common Criteria evaluators and we know the process perfectly. In order to avoid unnecessary costs, contact us as soon as possible for our Common Criteria Consultancy service.
Gap Analysis
If you have doubts and are not sure if you will be able to achieve a CC certification, a CC gap analysis will solve your doubts.
Our CC experts will analyse the current status of your product, documentation and will find any deficiencies proposing the most suitable solution for your case.
Gap Analysis allows customer to understand the CC process and what they need to achieve the CC certificate.
Security Target
We develop the suitable Security Target for your needs. Our great experience in very different kind of products allow us to define the ST you need to speed up the evaluation time.
Documentation Development
We amend the documentation you have or write from scratch with regard to content and format needed to overcome CC certification. CC Documentation development may be pricey in terms of money and time for organizations that are not used to CC evaluations.
Does your team need to gain more knowledge in Common Criteria? We can provide you a customized training depending on your needs. We have provided adapted trainings to different labs, developers and schemes.
After this training, your team will be able to survive in CC world.
We are accredited la by ENC and CCN to evaluate under the Common Criteria standard, carrying out the evaluation and managing the relationship with the Certification Body.
If time is a key factor for obtaining a CC certification, we can perform an initial informal assessment to reduce time spent in the laboratory and ensure a smooth evaluation.