2
min reading time
JTSEC each year publishes the Common Criteria Statistics Reports collecting all certifications and certified products, giving detailed information about the actual year’s evaluations based on different aspects. As last year, we summarized the results in a blog post. We are proud to share that in 2021 CCLab conducted 7 Common Criteria evaluation projects under the Italian scheme (OCSI). According to Common Criteria statistics, the number of certified products has increased in the last few years, compared to 2019 128 more products were certified in 2021 than in 2019.
Despite the pandemic in 2021, the number of certified software or hardware has increased by 10%, and the number of CC certifications has never been that high before. The statistics show that 2021 has been the year with the highest number of Common Criteria certifications in history with a total number of 411 certifications surpassing the 400 milestones for the first time, followed by 2016 with its 395 certifications.
In the next part of this article, you can view statistics comparing 2020 and 2021 based on the reports published by JTSEC.
Moreover, a total of 93 products were certified using low assurance evaluations, which are the EAL1- EAL3, these categories represent 22.63% of all the evaluations. In 2021 the number of low assurance evaluations increased, which means last year 11 more certificates were issued at these assurance levels compared to 2020. Furthermore, the statistics show that the most frequently chosen assurance level was EAL2, with 71 certifications. During the past 2 years, EAL4 certification has grown steadily, which means that the highest interest is in EAL4 certification.
The above data also show that the number of high assurance evaluations has stagnated for EAL4 and EAL7, while the number of certified products increased in EAL6 and decreased for EAL5 evaluations. The trend to use protection profiles on evaluations has been larger in 2021 than in 2020, which means that 149 products were certified with a Protection Profile without assigned EAL.
This report shows, compares, and presents different historical data for 2021 and the last few years, based on Common Criteria official portal data. Furthermore, the statistics show that the evaluated product numbers are expanding year by year. In 2022 our plan is to complete at least 10 Common Criteria evaluation projects by the end of the year.
Congratulations to our customers, for the successful product certifications. We look forward to future collaborations.
This downloadable infographics introduces the Common Criteria Evaluation process to you. Explore now for free.
Learn everything you need to know for a successful Common Criteria certification project. Save costs and efforts with your checklist.
Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.
The EUCC scheme, spearheaded by the European Union Agency for Cybersecurity (ENISA), was released in early 2024. It builds on the SOG-IS Common Criteria evaluation framework already used by 17 EU Member States.
7
min reading time
ICT (Information and Communication Technology) products, encompassing a wide range of digital devices and software, are inherently vulnerable due to their complexity and the ever-present potential for undiscovered security flaws. The interconnected nature of these products further amplifies the risk, as a single vulnerability can lead to widespread security breaches across networks and systems. To mitigate these risks, the strategic integration of cybersecurity certification requirements in ICT products has become paramount.
8
min reading time
The new Common Criteria Scheme, called the European Cybersecurity Certification Scheme (EUCC), is essential for harmonizing high-security cybersecurity certification of ICT products across EU member states. It facilitates mutual recognition of certifications, supports innovation, and ensures compliance with legal requirements. Fully effective from February 2025, the EUCC aims to provide a unified and robust framework for evaluating IT products, boosting consumer trust, and fostering a more secure digital environment.
10
min reading time