Common Criteria – The certification concept for the international comparability of IT security
They offer IT hardware or software with unique but complex security features. This is where their products differ from those of their competitors. At the same time, their customers expect internationally recognised, simple and comprehensible proof of the information technology security of their products. As providers, they want to differentiate themselves. Your customers expect standardisation. A dilemma.
The Common Criteria for Information Technology Security Evaluation (also known as Common Criteria or CC for short) was established internationally in ISO/IEC standard 15408.
CC certification follows a three-stage procedure:
- Definition of the security target by the manufacturer
- Evaluation by a recognised testing laboratory
- Certification by the Federal Office for Information Security (BSI)
Control over the functionality of the evaluated system and over the unique selling propositions remains consistently their responsibility as manufacturers. The separation of evaluation and certification ensures the dual control principle in the testing of the product. The resulting CC certification meets the highest internationally recognised standards.
Our offer
SRC offers evaluations of all types of IT products, covering all test levels of the Common Criteria, including electronic ID cards and passports, smart metering systems, healthcare products, software, network devices, payment terminals, signature components, tachograph components and biometric systems.
In addition, we offer manufacturers and users of IT security products consulting services relating to the Common Criteria. These include e.g.
