2021 Common Criteria Statistics Report
2
min reading time
JTSEC each year publishes the Common Criteria Statistics Reports collecting all certifications and certified products, giving detailed information about the actual year’s evaluations based on different aspects. As last year, we summarized the results in a blog post. We are proud to share that in 2021 CCLab conducted 7 Common Criteria evaluation projects under the Italian scheme (OCSI). According to Common Criteria statistics, the number of certified products has increased in the last few years, compared to 2019 128 more products were certified in 2021 than in 2019.
Despite the pandemic in 2021, the number of certified software or hardware has increased by 10%, and the number of CC certifications has never been that high before. The statistics show that 2021 has been the year with the highest number of Common Criteria certifications in history with a total number of 411 certifications surpassing the 400 milestones for the first time, followed by 2016 with its 395 certifications.
In the next part of this article, you can view statistics comparing 2020 and 2021 based on the reports published by JTSEC.
Moreover, a total of 93 products were certified using low assurance evaluations, which are the EAL1- EAL3, these categories represent 22.63% of all the evaluations. In 2021 the number of low assurance evaluations increased, which means last year 11 more certificates were issued at these assurance levels compared to 2020. Furthermore, the statistics show that the most frequently chosen assurance level was EAL2, with 71 certifications. During the past 2 years, EAL4 certification has grown steadily, which means that the highest interest is in EAL4 certification.
The above data also show that the number of high assurance evaluations has stagnated for EAL4 and EAL7, while the number of certified products increased in EAL6 and decreased for EAL5 evaluations. The trend to use protection profiles on evaluations has been larger in 2021 than in 2020, which means that 149 products were certified with a Protection Profile without assigned EAL.
This report shows, compares, and presents different historical data for 2021 and the last few years, based on Common Criteria official portal data. Furthermore, the statistics show that the evaluated product numbers are expanding year by year. In 2022 our plan is to complete at least 10 Common Criteria evaluation projects by the end of the year.
Congratulations to our customers, for the successful product certifications. We look forward to future collaborations.
Related downloadables
Related downloadables
Common Criteria Evaluation Process infographics
Common Criteria Evaluation Process infographics
This downloadable infographics introduces the Common Criteria Evaluation process to you. Explore now for free.
Guide and Checklist for Common Criteria Evaluations - updated with EUCC Scheme
Guide and Checklist for Common Criteria Evaluations - updated with EUCC Scheme
Learn everything you need to know for a successful Common Criteria certification project. Save costs and effort with your checklist.
ETSI EN 303 645 infographics for Consumer IoT devices
ETSI EN 303 645 infographics for Consumer IoT devices
Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.
Related news
Preparing Legacy Systems for Common Criteria Certification
Legacy systems power critical operations across industries worldwide, yet they present unique challenges when organizations pursue Common Criteria certification. The clock is ticking for manufacturers and enterprises who must navigate complex compliance requirements while maintaining operational continuity. Organizations pursuing Common Criteria certification must address unique challenges when dealing with legacy infrastructure, but with the right approach, success is achievable. The urgency cannot be overstated. Regulatory deadlines approach rapidly, and the cost of non-compliance continues to escalate. Legacy systems that once served as reliable workhorses now require strategic transformation to meet modern security standards. This guide provides actionable strategies to prepare your legacy infrastructure for certification success.
10
min reading time
EUCC Behind eIDAS 2.0: The New Pillar of Security in Europe’s Digital Identity Framework
The European Union has launched an ambitious digital transformation initiative centered on digital identity and trust services. Building upon the foundation of the original eIDAS Regulation (Regulation (EU) No. 910/2014), the updated eIDAS 2.0 framework (Regulation (EU) 2024/1183) establishes a European Digital Identity (EUDI) Framework that requires all Member States to make interoperable EU Digital Identity Wallets available to citizens and businesses by 2026. This effort aims to create consistency in legal certainty, interoperability, and data protection across borders, strengthening trust in Europe’s digital landscape.
9
min reading time
Lifecycle Management of Common Criteria Certification: Renewals, Maintenance, and Revocations
The journey of achieving Common Criteria certification represents just the beginning of a complex, ongoing process that demands continuous attention and strategic management. Organizations worldwide invest significant resources in obtaining these prestigious security certifications, yet many underestimate the critical importance of proper lifecycle management once their products become Common Criteria certified. Effective CC certification lifecycle management ensures continuous security assurance, regulatory compliance, and market credibility throughout a product’s operational lifespan.
9
min reading time