You offer IT hardware or software with unique but complex security features. This is where your products differ from those of your competitors. At the same time, your customers expect internationally recognized, simple and understandable proof of the IT security of your products. As providers, you want to be different. Your customers expect standardization. A dilemma.
The Common Criteria for Information Technology Security Evaluation (also referred to as Common Criteria or CC) was established internationally with the ISO/IEC standard 15408.
CC certification follows a three-stage procedure:
- Definition of the security target by the manufacturer
- Evaluation by an accredited testing laboratory
- Certification by the Federal Office for Information Security (BSI)
The control over the functionality of the evaluated system and over the unique selling points remains consistently in their responsibility as manufacturers. The separation of evaluation and certification guarantees the four-eyes principle when testing the product. The resulting CC certification meets the highest internationally recognized standards.