Common Criteria ISO/IEC 15408
The most widely recognized cybersecurity certification for IT products
Common Criteria
What is Common Criteria (CC) Certification?
Common Criteria (CC) is a Certification Framework to evaluate and certify cybersecurity requirements in IT products, which allows:
Governments/regulators or industry consortiums to develop precise and testable security requirements for IT products using a common and standardized language.
- Security Evaluation Laboratories, to perform independent, comprehensive and exhaustive security evaluations of IT products with a common methodology that produce comparable and repeatable results.
- Product Manufacturers, to show confidence to consumers in the security capabilities of their product and gain a competitive edge in the global marketplace by using reputed security certification schemes with international recognition.
- Citizens and consumers, to have a defined level of independent assurance in the security operation of a certified product
The goal of the Common Criteria framework is to develop confidence and trust in the security characteristics of an IT product and in the processes used to develop and support it.
Where are Common Criteria Certificates recognized?
Common Criteria (CC) certificates are recognized by the governments of all country members of Common Criteria Community, thanks to a Mutual Recognition Arrangement signed by 31 countries (at the time of writing). Other nations, for example China and some organizations may also make use of the ISO/IEC 15408 standards for a certification with different certification schemes than CC Community.
Where are Common Criteria Certificates required?
Common Criteria certified products are required by governments and enterprises around the world to protect their mission-critical infrastructures.
Common Criteria is usually a pre-requisite for qualified products under the procurement policies of many defence and government agencies in different countries all over the world.
How is your product evaluated in Common Criteria?
At a high-level overview, the evaluation in the Lab analyses the following components of the product:
Evaluation of design documents - at the most basic level this will simply be an interface specification. Depending on the level of the assurance requirements this can include multiple layers of very detailed design specs and source code review.
Common Criteria is the most recognized and comprehensive IT security standard in the world that can be used to certify any IT system or device providing security functions.
Certifying your product in Common Criteria with DEKRA
We understand that achieving the CC Certification represents a significant investment by our customers. We help our clients to gain a CC certificate as quickly as possible (on time and on budget).
Our evaluation procedures are fully optimized to minimize the impact on our customers’ resources. We run fast and smooth evaluations.
Commercial Solutions for Classified (CSfC)
The US National Security Agency (NSA) Commercial Solutions for Classified (CSfC) program is the latest evolution related to the FIPS and Common Criteria (CC) testing and evaluation standard. DEKRA is familiar with the available CSfC capability packages and CSfC selections for the NIAP-approved Protection Profiles. With our knowledge, DEKRA can perform a Common Criteria evaluation and any necessary FIPS 140 cryptographic algorithm testing that will support a CSfC product listing.
Unified Capabilities Approved Products List (UCAPL)
CPSTIC
Why is DEKRA your partner for Common Criteria?
CC certificates are recognized by the governments of all country members of Common Criteria Community, thanks to a Mutual Recognition Arrangement signed by 32 countries (at the time of writing).
Other nations, for example China and some organizations may also make use of the ISO/IEC 15408 standards for a certification with different certification schemes than CC Community.
DEKRA is an authorized CC laboratory by NIAP (US), CCN (Spain) and TSE (Turkey) schemes, with a sizable resource pool and more than 20 years of experience in CC evaluations of HW and SW products.
Our lab is the safest approach for CC evaluations, given our capabilities, experience in the CC field, proven record of certifications for fixed cost and time projects, and our client-oriented service design.
In addition to CC evaluation services, we support vendors in developing cybersecurity strategies and preparing them for the successful certification process.
In the mid-term, DEKRA will become CAB for EUCC, so we can support you to have your products comply with this upcoming European Union Security Certification Scheme.