3
min reading time
It has now become a tradition that each year JTSEC, an ITSEC consulting company, publishes the annual Common Criteria Statistics Reports, an all-in-one report that collects and analyses all kinds of data on various aspects of the Common Criteria market. We are delighted to share that this year CCLab has made it into to report once again, as we conducted the Common Criteria evaluation project of two products under the Italian Scheme (OCSI).
We have been eagerly waiting to discover what turns the Common Criteria market took in the previous year, and the report has unveiled some surprising points for us. According to the 2022 Common Criteria Statistics Report, there was a slight decrease in the number of certified products last year, with only 370 products receiving a certification, whereas in 2021 there was a record-high number of certifications, reaching 399. In this article, we highlight the significant findings of the report and show the possible reasons behind them.
Meanwhile, 2021 was the year of record-breaking numbers, and the output of 2022 slightly decreased compared to the year prior. The overall historical shows that Common Criteria certifications have been growing from 2018 to 2021. The slight decrease in 2022 suggests that the number of certifications has stabilized on the market.
In 2022, 162 high assurance evaluations (EAL4-EAL7) were carried out, almost reaching the previous year’s volume. The above data shows that the number of high assurance evaluations has stagnated for EAL 4, EAL 5, and EAL 7, while the number of certified products decreased in the low assurance levels.
Products that were certified using low assurance represented 18,65% of all the evaluations last year, which is 4% lower than the percentage in 2021. The rate of high-assurance evaluations had also increased from 41.12% to 44%, meaning that while the number of certifications was lower in 2022 than the year before, there was a higher rate of high-assurance evaluations.
On the other hand, the trend to use Protection Profiles on evaluations has been even larger in 2022. Certifications using a Protection Profile with no EAL assigned were very frequent in 2022. In total, 139 products were certified with a Protection Profile without assigned EAL, representing 37,57% of all certifications in 2022. The statistic for top-used PPs shows that the Protection Profile for Network Devices was the most used in 2022, with 46 certified products.
The Common Criteria Statistics Report of 2022 enables us to better visualize the trends in the market throughout the year and hence estimate its future behavior. In 2022 there was a mild decline in the number of certifications and it is difficult to have a clear conclusion why this happened exactly. In 2023 we are looking forward to continuing the evaluations and hence contributing to the development of the sector.
In case you have questions about the Common Criteria evaluation procedure, don’t hesitate to get in touch with us!
Learn everything you need to know for a successful Common Criteria certification project. Save costs and efforts with your checklist.
This downloadable infographics introduces the Common Criteria Evaluation process to you. Explore now for free.
Get your FREE A-Z supporting material for smart meter security standards. Learn more about the Swiss METAS data security evaluation projects of smart metering devices.
The EUCC scheme, spearheaded by the European Union Agency for Cybersecurity (ENISA), was released in early 2024. It builds on the SOG-IS Common Criteria evaluation framework already used by 17 EU Member States.
7
min reading time
ICT (Information and Communication Technology) products, encompassing a wide range of digital devices and software, are inherently vulnerable due to their complexity and the ever-present potential for undiscovered security flaws. The interconnected nature of these products further amplifies the risk, as a single vulnerability can lead to widespread security breaches across networks and systems. To mitigate these risks, the strategic integration of cybersecurity certification requirements in ICT products has become paramount.
8
min reading time
The new Common Criteria Scheme, called the European Cybersecurity Certification Scheme (EUCC), is essential for harmonizing high-security cybersecurity certification of ICT products across EU member states. It facilitates mutual recognition of certifications, supports innovation, and ensures compliance with legal requirements. Fully effective from February 2025, the EUCC aims to provide a unified and robust framework for evaluating IT products, boosting consumer trust, and fostering a more secure digital environment.
10
min reading time