Common Criteria Evaluation, accredited lab

  • Top Notch Experts
  • Members of the SCCG (Stakeholder Cybersecurity Certification Group)
  • Members of the EUCC Ad Hoc Working Group on the SOG-IS successor scheme
  • We use CCToolbox, unique tools to smooth the process
  • Editors at JTC13 WG3: “Cybersecurity Evaluation Methodology for ICT products

Click here to find our talks related to Common Criteria and other standards offered in the most relevant cybersecurity events
By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.

What is Common Criteria?

Common Criteria is an international standard (ISO/IEC 15408) and the most recognized certification used for assessing security in ICT products. This certification is required in some cases by regulations, but in all cases, a Common Criteria certificate provides a competitive advantage, by providing trust to customers and users. The vendor or manufacturer can specify the security functional requirements (SFRs) and security assurance requirements (SARs) through using Protection Profiles (PPs, cPP or NIAP PPs).

Sometimes it may be hard for the vendor to understand how to meet the requirements of the Common Criteria standard. This may result in unforeseen time and money expenses and, in the worst cases, not obtaining the certificate and causing economical losses.

Common Criteria Certification Process

Obtaining a Common Criteria certificate, which is issued by National Certification Bodies, requires that the product goes through an evaluation process, carried out by an accredited laboratory, which performs documental and technical assessment activities defined by the Common Criteria standard.

Usually the Common Criteria certification process begins by sending the "Application for Certification" to the Certification Body. The Certification Body (CB) is the entity issuing the final certificate when the evaluation is completed, so they are ultimately accountable for the quality of the evaluation.

To start the process, it is necessary to send the laboratory a document titled "Security Target". This is a formal document describing the security capabilities of the product and delimiting the evaluable functionality.

The assessment is not performed directly by the CB, it is necessary to hire the services of an accredited laboratory.

Once the lab has performed the evaluation and any vulnerabilities that were found, have been corrected, the lab will send to the CB an "Evaluation Technical Report" with a "Pass" result, and after the administrative formalities, the certificate will be published and may be enforced worldwide.

We are member of ENISA ad-hoc Working Group on SOG-IS successor scheme to support the preparation of a candidate EU cybersecurity certification scheme as a successor to the existing schemes operating under the SOG-IS MRA. This new scheme, developed for the cybersecurtiy certification of ICT products, has been named as EUCC scheme (Common Criteria based European candidate cybersecurity certification scheme).


At jtsec, we have always believed in innovation and collaboration in the field of cybersecurity. That is why we offer a free month of use of the CCGen tool, which you can get by visiting our CCToolBox webpage.

jtsec develops this innovative framework to smooth the Common Criteria certification process, saving up to 40% time & costs. A unique tool to ease the two main consuming activities: documentation generation and evaluation.

CCToolBox has two tools that complement each other to offer a complete service:

  • CCGen for generating Common Criteria documentation.
  • CCEval for evaluating Common Criteria documentation.


    1. We support you using CCToolBox our innovative and exclusive framework automatizing the process.

    2. We save you up to 40% time and money.

    3. We ensure you fixed price from the beginning, avoid surprises!

    4. Your product on time, a backup engineer is available for all the projects to ensure that we meet your expectations.

    5. We offer you the first step completely free, the Certification Roadmap Report.

    6. We are true experts in Common Criteria, always improving and researching in the area of cybersecurity. Actively involved in standardization activities related to CC (ISO, ISCI WGs).

    7. Program Director of the ICCC (International Common Criteria Conference).

    8. Members of the SCCG (Stakeholder Cybersecurity Certification Group).

    9. Members of the EUCC Ad-hoc Working Group.

    10. Native Common Criteria professionals.

They already trusted us. Let's talk!

What We Offer?

At jtsec we are experts in Common Criteria and we know the process perfectly. In order to avoid unnecessary costs, contact us as soon as possible.

  1. Evaluation, accredited lab

    We have years of experience in certifications and we have a team of professionals with great knowledge and expertise that will take care of the entire process, saving your time and money.

  2. Tools

    At jtsec we offer our clients CCGen tool free of charge, as a part of a bigger framework CCToolBox. A unique tool to ease the two main consuming activities: documentation generation and evaluation.

  3. Accredited lab

    As accredited laboratory, we carry out the Common Criteria security evaluation of your product. We check the Security Target, user guides, design, life-cycle and test documentation, in order to verify that they all comply with the Common Criteria Standard. We also perform the necessary testing and penetration testing required making sure that your product is resistant to the applicable attacks. This way, your product can successfully obtain the Common Criteria Certification.

  4. Turnkey approach

    We offer a turnkey Common Criteria Approach, an accurate process bearing in mind that every client and every product are unique. we adapt to your needs by creating a unique working framework, attending to the specific needs of your project