Common Criteria – The certification concept for the international comparability of IT security
They offer IT hardware or software with unique but complex security features. This is where their products differ from those of their competitors. At the same time, their customers expect internationally recognised, simple and comprehensible proof of the information technology security of their products. As providers, they want to differentiate themselves. Your customers expect standardisation. A dilemma.
The Common Criteria for Information Technology Security Evaluation (also known as Common Criteria or CC for short) was established internationally in ISO/IEC standard 15408.
CC certification follows a three-stage procedure:
- Definition of the security target by the manufacturer
- Evaluation by a recognised testing laboratory
- Certification by the Federal Office for Information Security (BSI)
Control over the functionality of the evaluated system and over the unique selling propositions remains consistently their responsibility as manufacturers. The separation of evaluation and certification ensures the dual control principle in the testing of the product. The resulting CC certification meets the highest internationally recognised standards.
Our offer
SRC offers evaluations of all types of IT products, whereby all test levels of the Common Criteria can be mapped; for example, electronic ID cards and passports, smart metering systems, healthcare products, software, network devices, payment transaction terminals, signature components, tachograph components and biometric systems are examined.
In addition, we offer manufacturers and users of IT security products consulting services around the Common Criteria. These include e.g.
-
Common Criteria trainings
-
Common Criteria-Workshops
-
Creation of protection profiles
-
Definition der Sicherheitsziele
-
Support with the compilation of the required manufacturer’s certificates
Our recognition
The Federal Office for Information Security (BSI) has approved SRC for the areas of
-
CC: Gemeinsame Kriterien
-
SC: Requirements for the technical domain „Smartcards and similar Devices“ are fulfilled.
-
HD: Requirements for the technical domain „Hardware Devices with Security Boxes“ are met.