EUCC Consulting

Top Notch Experts
Members of the SCCG (Stakeholder Cybersecurity Certification Group)
Members of the EUCC Ad Hoc Working Group on the SOG-IS successor scheme
We use CCToolbox, unique tools to smooth the process
Editors at JTC13 WG3: “Cybersecurity Evaluation Methodology for ICT products”

Click here to find our talks related to EUCC and other standards offered in the most relevant cybersecurity events

EUCC, UNDERSTANDING THE SCHEME

EUCC is the first scheme published under the guidelines of the CSA (Cybersecurity Act), which proposes the creation of a common European framework for the certification of "cybersecure" ICT products and services. It can be considered a horizontal scheme, as it can be usable in several sectorial competences. EUCC is based on Common Criteria (ISO/IEC 15408 and ISO/IEC 18045) and is aimed at replacing the current national certification schemes also based on Common Criteria. It is therefore commonly known as the European Common Criteria, EUCC has recognition & acceptance only in the EU. The existence of cybersecurity schemes recognized by the European Commission provides a framework in which cybersecurity laboratories, private companies and public administrations can abide when certifying their products within Europe, in the case of the EUCC, for ICT products. If you want to know more about the process followed by the EUCC until it was approved by the European Commission, please read the post in our blog called:

ENISA publishes EUCC 1.1.1 the first European cybersecurity scheme for ICT products.

Recommendations about EUCC, the new scheme for the certification of ICT products cybersecurity

The introduction of this new scheme will entail new developments that will affect vendors, developers, manufacturers and, of course, labs. The following tips will be useful:
1. Brief period of uncertainty: Is expected that EUCC will be fully operating by 2022. Old certificates can be converted to the new scheme. There will be zero parallel emission of EUCC and SOG-IS MRA certificates.
2. Prepare for patch management: the new scheme will have two patch management methodologies that will allow developers to push security updates to their product while staying under the umbrella of the certificate.
3. Prepare for new obligations (handle and monitoring compliances, have an online repository of publicly disclosed vulnerabilities, among others).
4. Closer cooperation between vendors and lab to work properly.
5. Certificates above VAN.3 will not be recognized unless there is a specific technical domain.

CCTOOLBOX, UNIQUE TOOL TO SMOOTH THE PROCESS

CCGen At jtsec, we have always believed in innovation and collaboration in the field of cybersecurity. That is why we offer a free month of use of the CCGen tool, which you can get by visiting our CCToolBox webpage. jtsec develops this innovative framework to smooth the EUCC certification process, saving up to 50% time & costs. A unique tool to ease the two main consuming activities: documentation generation and evaluation. CCToolBox has two tools that complement each other to offer a complete service: CCGen for generating EUCC documentation. CCEval for evaluating EUCC documentation.

10 REASONS FOR CHOOSING JTSEC

1. Top notch experts.
2. Customized approach.
3. Laboratory accredited for Common Criteria assessments.
4. Members of the SCCG (Stakeholder Cybersecurity Certification Group).
5. We use unique tools developed by us that save up to 50% of time and money in the evaluation.
6. We assure you a fixed price from the beginning, do not face unexpected surprises!
7. Deliver on time on launch a support engineer is always available for projects, ensuring we meet deadlines and expectations.
8. Editors at JTC13 WG3: “Cybersecurity Evaluation Methodology for ICT products.
9. Members of the EUCC Ad Hoc Working Group on the SOG-IS successor scheme.
10. Commitment to your project before, during and after certification.