What is Common Criteria Certification
The Common Criteria standard verifies that a product meets a specification of security requirements with a guarantee according to the level of assessment established.
A Common Criteria certification is an internationally well known guarantee that is recognized across the world thanks to the CCRA (Common Criteria Recognition Agreement) and SOGIS agreement (European level).
Depending on the evaluation assurance level (EAL) the requirements of the standard increase, in addition to the possible potential of attackers trying to tamper with the target of evaluation (TOE).
Generally, businesses that have not adopted a security certification culture feel overwhelmed by the prospect of needing to generate a huge amount of documentation to pass the evaluation, as well as to make unexpected or drastic changes in their products.
Don't wait and call us to get more information about Common Criteria Consulting.
Common Criteria Certification Process
Usually the Common Criteria certification process begins with sending of the "Application for Certification" to the Certification Body . The Certification Body (CB) is the entity issuing the final certificate when the evaluation is completed, so they are ultimately responsible for the quality of the evaluation.
To start the process, it is necessary to send the laboratory a document entitled "Security Target". This is a formal document describing the security capabilities of the product delimiting the evaluable functionality.
The assessment is not performed directly by the CB, it is necessary to hire the services of an accredited laboratory. There are several accredited laboratories where it is possible to perform the evaluation and their fees will be the largest overhead we have to face.
Once the accredited laboratory has performed the evaluation and any vulnerabilities that have been found have been corrected, the lab will send the CB an "Evaluation Technical Report" with a "Pass" result, and after the administrative formalities, the certificate will be published and may be enforced worldwide.
We can provide consultancy to every certificate authoring country.
Ask us about our Common Criteria Consulting service and get your product certified now.
What We Offer?
At jtsec we are Common Criteria evaluators and we know the process perfectly. In order to avoid unnecessary costs, contact us as soon as possible for our Common Criteria Consultancy service.
If you have doubts and are not sure if you will be able to achieve a CC certification, a CC gap analysis will solve your doubts.
Our CC experts will analyse the current status of your product, documentation and will find any deficiencies proposing the most suitable solution for your case.
Gap Analysis allows customer to understand the CC process and what they need to achieve the CC certificate.
We develop the suitable Security Target for your needs. Our great experience in very different kind of products allow us to define the ST you need to speed up the evaluation time and negotiate a fair evaluation price with the different labs.
We amend the documentation you have or write from scratch with regard to content and format needed to overcome CC certification. CC Documentation development may be pricey in terms of money and time for organizations that are not used to CC evaluations.
Does your team need to gain more knowledge in Common Criteria? We can provide you a customized training depending on your needs. We have provided adapted trainings to different labs, developers and schemes.
After this training, your team will be able to survive in CC world.
We are experts in Common Criteria certification. We can manage relations with the Certification Body and the Laboratory so that you must only focus on your business.
If time is a key factor for obtaining a CC certification, we can perform an initial informal assessment to reduce time spent in the laboratory and ensure a smooth evaluation.