You offer IT hardware or software with unique but complex security features. This is where your products differ from those of your competitors. At the same time, your customers expect internationally recognised, simple and comprehensible proof of the IT security of your products. As a provider, you want to differentiate yourself. Your customers expect standardisation. A dilemma.
The Common Criteria for Information Technology Security Evaluation (also known as Common Criteria or CC for short) was established internationally with ISO/IEC standard 15408.
CC certification follows a three-stage procedure:
- Definition of the security target by the manufacturer
- Evaluation by a recognised test centre
- Certification by the Federal Office for Information Security (BSI)
Control over the functionality of the evaluated system and over the unique selling propositions remains consistently your responsibility as the manufacturer. The separation of evaluation and certification ensures the dual control principle in the testing of the product. The resulting CC certification meets the highest internationally recognised standards.
Dr. Bertolt Krüger, SRC Security Research & Consulting GmbH
What we offer
SRC offers evaluations, at all Common Criteria test levels, of all types of IT products, such as electronic ID cards and passports, smart metering systems, healthcare products, software, network devices, payment terminals, signature components, tachograph components, and biometric systems.
In addition, we offer manufacturers and users of IT security products consulting services relating to the Common Criteria. These include e.g.
The Federal Office for Information Security (BSI) has approved SRC for the areas of
Find out about the topics that we support with our services.