3
min reading time
It has now become a tradition that each year JTSEC, an ITSEC consulting company, publishes the annual Common Criteria Statistics Reports, an all-in-one report that collects and analyses all kinds of data on various aspects of the Common Criteria market. We are delighted to share that this year CCLab has made it into to report once again, as we conducted the Common Criteria evaluation project of two products under the Italian Scheme (OCSI).
We have been eagerly waiting to discover what turns the Common Criteria market took in the previous year, and the report has unveiled some surprising points for us. According to the 2022 Common Criteria Statistics Report, there was a slight decrease in the number of certified products last year, with only 370 products receiving a certification, whereas in 2021 there was a record-high number of certifications, reaching 399. In this article, we highlight the significant findings of the report and show the possible reasons behind them.
Meanwhile, 2021 was the year of record-breaking numbers, and the output of 2022 slightly decreased compared to the year prior. The overall historical shows that Common Criteria certifications have been growing from 2018 to 2021. The slight decrease in 2022 suggests that the number of certifications has stabilized on the market.
In 2022, 162 high assurance evaluations (EAL4-EAL7) were carried out, almost reaching the previous year’s volume. The above data shows that the number of high assurance evaluations has stagnated for EAL 4, EAL 5, and EAL 7, while the number of certified products decreased in the low assurance levels.
Products that were certified using low assurance represented 18,65% of all the evaluations last year, which is 4% lower than the percentage in 2021. The rate of high-assurance evaluations had also increased from 41.12% to 44%, meaning that while the number of certifications was lower in 2022 than the year before, there was a higher rate of high-assurance evaluations.
On the other hand, the trend to use Protection Profiles on evaluations has been even larger in 2022. Certifications using a Protection Profile with no EAL assigned were very frequent in 2022. In total, 139 products were certified with a Protection Profile without assigned EAL, representing 37,57% of all certifications in 2022. The statistic for top-used PPs shows that the Protection Profile for Network Devices was the most used in 2022, with 46 certified products.
The Common Criteria Statistics Report of 2022 enables us to better visualize the trends in the market throughout the year and hence estimate its future behavior. In 2022 there was a mild decline in the number of certifications and it is difficult to have a clear conclusion why this happened exactly. In 2023 we are looking forward to continuing the evaluations and hence contributing to the development of the sector.
In case you have questions about the Common Criteria evaluation procedure, don’t hesitate to get in touch with us!
Learn everything you need to know for a successful Common Criteria certification project. Save costs and effort with your checklist.
This downloadable infographics introduces the Common Criteria Evaluation process to you. Explore now for free.
Get your FREE A-Z supporting material for smart meter security standards. Learn more about the Swiss METAS data security evaluation projects of smart metering devices.
In an increasingly interconnected world, cybersecurity has become more than just a technical requirement, it's a critical shield protecting organizations from potential digital threats. Common Criteria (CC), an internationally recognized standard also known as ISO/IEC 15408, emerges as a comprehensive framework that meticulously evaluates the security properties of IT products and systems. This international standard provides a structured approach to assessing technological security, offering governments, enterprises, and technology developers a robust methodology for understanding and validating the security mechanisms embedded within their digital solutions. Moreover, Common Criteria serves as a critical benchmark, ensuring that technological products meet rigorous security standards before entering the marketplace.
10
min reading time
As Europe advances its digital transformation agenda, securing its technological infrastructure has become a top priority. At the center of this ambition lies the European cybersecurity certification ecosystem. Most notably, the European Cybersecurity Certification Scheme (EUCC). Designed to harmonize security assurance practices across EU member states, EUCC is the first concrete step under the EU Cybersecurity Act to create a unified framework for certifying ICT products and services. But while EUCC represents a major achievement in digital sovereignty, a crucial question remains: Is it enough? This article explores what the European Cybersecurity Certification does well, where its current limitations lie, and what additional steps are necessary to create a truly resilient cybersecurity landscape across Europe.
7
min reading time
On March 21, 2025, a special event took place at CCLab’s headquarters in Budapest, Hungary: we had the pleasure of welcoming the delegation of WonSec Technology, and together we signed a strategic cooperation agreement focused on the EU Cybersecurity Certification Scheme on Common Criteria (EUCC). This partnership marks a milestone not only for CCLab but for the broader European certification ecosystem as well. Our joint goal is to support the secure and compliant entry of ICT products and services into the European market, especially in light of the soon-to-be mandatory EUCC requirements.
3
min reading time