You offer IT hardware or software with unique but complex security features. This is where your products differ from those of your competitors. At the same time, your customers expect internationally recognised, simple and comprehensible proof of the IT security of your products. As a provider, you want to differentiate yourself. Your customers expect standardisation. A dilemma.
The Common Criteria for Information Technology Security Evaluation (also known as Common Criteria or CC for short) was established internationally with ISO/IEC standard 15408.
CC certification follows a three-stage procedure:
- Definition of the security target by the manufacturer
- Evaluation by a recognised test centre
- Certification by the Federal Office for Information Security (BSI)
Control over the functionality of the evaluated system and over the unique selling propositions remains with you as the manufacturer throughout. The separation of evaluation and certification ensures the dual control principle in the testing of the product. The resulting CC certification meets the highest internationally recognised standards.