Common Criteria Consulting, let's speed up!

  • Top Notch Experts
  • Members of the SCCG (Stakeholder Cybersecurity Certification Group)
  • Members of the EUCC Ad Hoc Working Group on the SOG-IS successor scheme
  • We use CCToolbox, unique tools to smooth the process
  • Editors at JTC13 WG3: “Cybersecurity Evaluation Methodology for ICT products”

Click here to find our talks related to Common Criteria and other standards offered in the most relevant cybersecurity events
By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.

What is Common Criteria Certification

The Common Criteria standard verifies that a product meets a specification of security requirements with a guarantee aligned with the level of assessment established.

A Common Criteria certification is an internationally well-known guarantee that is recognized across the world thanks to the CCRA (Common Criteria Recognition Agreement) and SOGIS agreement (European level).

Depending on the evaluation assurance level (EAL) the requirements of the standard increase, in accordance with the possible potential of attackers trying to tamper with the target of evaluation (TOE).

Having a CC certificate is mandatory in more and more countries due to government regulations. Moreover, it is fundamental to demonstrate your product quality, reliability and of course security to gain the trust of your customers.

However, aligning our product with Common Criteria requirements can be a complicated and painful process, where it's easy to go wrong again and again.

Generally speaking, businesses that have not adopted a security certification culture feel overwhelmed by the prospect of having to generate a huge amount of documentation to pass the evaluation, as well as to make unexpected or drastic changes in their products.

Don't wait and call us to get more information about Common Criteria Consulting.

Common Criteria Certification Process

Usually the Common Criteria certification process begins with sending the "Application for Certification" to the Certification Body. The Certification Body (CB) is the entity issuing the final certificate when the evaluation is completed, so they are ultimately accountable for the quality of the evaluation.

To start the process, it is necessary to send the laboratory a document titled "Security Target". This is a formal document describing the security capabilities of the product and delimiting the evaluable functionality.

The assessment is not performed directly by the CB, it is necessary to hire the services of an accredited laboratory. There are several accredited laboratories where it is possible to perform the evaluation and their fees will be the largest overhead we have to face.

Once the accredited laboratory has performed the evaluation and any vulnerabilities that have been found have been corrected, the lab will send the CB an "Evaluation Technical Report" with a "Pass" result, and after the administrative formalities, the certificate will be published and may be enforced worldwide.

We can provide consultancy on every certificate authoring country.

Ask us about our Common Criteria Consulting service and get your product certified now.

WHAT IS CCGEN?

CCGEn is a tool developed by jtsec that helps generating Common Criteria documentation. CCGen Internal Consistency Checker ensures that all the CC requirements are gathered and that there is no inconsistency along the documentation. Moreover, the advanced technical editor allows to save time during the edition process. Using CCGen you can save up to 40% in the consulting part of the Common Criteria process. CCGen, which together with CCEval and cCCAB, are the two three tools that comprise CCToolBox, the best Common Criteria framework in the market. If you want to know more about CCGen, click here.

Free tools & documents

CCGen

The optimum working environment for the development of documents in conforming the Common Criteria standard.

Try CCGen free!
Others

Common Criteria Service Overview The Common Criteria service for developers

Common Criteria Cheatsheet Keep it close and use this cheat sheet whether you are a developer or consultant or evaluator. The norm on a sheet!

Common Criteria Introduction A gentle introduction to Common Criteria (spanish)

Common Criteria: a tool for secure software development How to use the norm as a methodology for the secure development of IT products (spanish)

They already trusted us. Let's talk!

What We Offer?

At jtsec we are Common Criteria evaluators and we know the process perfectly. In order to avoid unnecessary costs, contact us as soon as possible for our Common Criteria Consultancy service.

  1. Gap Analysis

    If you have doubts and are not sure if you will be able to achieve a CC certification, a CC gap analysis will solve your doubts.

    Our CC experts will analyse the current status of your product, documentation and will find any deficiencies proposing the most suitable solution for your case.

    Gap Analysis allows customer to understand the CC process and what they need to achieve the CC certificate.

  2. Security Target

    We develop the suitable Security Target for your needs. Our great experience in very different kind of products allow us to define the ST you need to speed up the evaluation time.

  3. Documentation Development

    We amend the documentation you have or write from scratch with regard to content and format needed to overcome CC certification. CC Documentation development may be pricey in terms of money and time for organizations that are not used to CC evaluations.

  4. Training

    Does your team need to gain more knowledge in Common Criteria? We can provide you a customized training depending on your needs. We have provided adapted trainings to different labs, developers and schemes.

    After this training, your team will be able to survive in CC world.

  5. Evaluation

    We are accredited la by ENC and CCN to evaluate under the Common Criteria standard, carrying out the evaluation and managing the relationship with the Certification Body.

  6. Preassesment

    If time is a key factor for obtaining a CC certification, we can perform an initial informal assessment to reduce time spent in the laboratory and ensure a smooth evaluation.