3
min reading time
It has now become a tradition that each year JTSEC, an ITSEC consulting company, publishes the annual Common Criteria Statistics Reports, an all-in-one report that collects and analyses all kinds of data on various aspects of the Common Criteria market. We are delighted to share that this year CCLab has made it into to report once again, as we conducted the Common Criteria evaluation project of two products under the Italian Scheme (OCSI).
We have been eagerly waiting to discover what turns the Common Criteria market took in the previous year, and the report has unveiled some surprising points for us. According to the 2022 Common Criteria Statistics Report, there was a slight decrease in the number of certified products last year, with only 370 products receiving a certification, whereas in 2021 there was a record-high number of certifications, reaching 399. In this article, we highlight the significant findings of the report and show the possible reasons behind them.
Meanwhile, 2021 was the year of record-breaking numbers, and the output of 2022 slightly decreased compared to the year prior. The overall historical shows that Common Criteria certifications have been growing from 2018 to 2021. The slight decrease in 2022 suggests that the number of certifications has stabilized on the market.
In 2022, 162 high assurance evaluations (EAL4-EAL7) were carried out, almost reaching the previous year’s volume. The above data shows that the number of high assurance evaluations has stagnated for EAL 4, EAL 5, and EAL 7, while the number of certified products decreased in the low assurance levels.
Products that were certified using low assurance represented 18,65% of all the evaluations last year, which is 4% lower than the percentage in 2021. The rate of high-assurance evaluations had also increased from 41.12% to 44%, meaning that while the number of certifications was lower in 2022 than the year before, there was a higher rate of high-assurance evaluations.
On the other hand, the trend to use Protection Profiles on evaluations has been even larger in 2022. Certifications using a Protection Profile with no EAL assigned were very frequent in 2022. In total, 139 products were certified with a Protection Profile without assigned EAL, representing 37,57% of all certifications in 2022. The statistic for top-used PPs shows that the Protection Profile for Network Devices was the most used in 2022, with 46 certified products.
The Common Criteria Statistics Report of 2022 enables us to better visualize the trends in the market throughout the year and hence estimate its future behavior. In 2022 there was a mild decline in the number of certifications and it is difficult to have a clear conclusion why this happened exactly. In 2023 we are looking forward to continuing the evaluations and hence contributing to the development of the sector.
In case you have questions about the Common Criteria evaluation procedure, don’t hesitate to get in touch with us!
Learn everything you need to know for a successful Common Criteria evaluation project. Save costs and efforts with your checklist.
This downloadable infographics introduces the Common Criteria Evaluation process to you. Explore now for free.
Get your FREE A-Z supporting material for smart meter security standards. Learn more about the Swiss METAS data security evaluation projects of smart metering devices.
In today's digital landscape, where cybersecurity threats loom large, and trust is paramount, Common Criteria certification emerges as a beacon of assurance. This globally recognized standard sets the bar for IT product security, instilling confidence in customers, stakeholders, and regulatory bodies. Beyond mere validation, it serves as a shield against potential risks, fortifying organizations' defenses and fostering a culture of safety in the digital realm.
9
min reading time
In the continually evolving cybersecurity landscape, ensuring the safety and reliability of Information and Communication Technology (ICT) products has become more crucial than ever. The European Common Criteria-based Cybersecurity Certification Scheme (EUCC) is a groundbreaking and indispensable scheme to meet this pressing need. Enacted within the Cybersecurity Act certification framework, the new scheme is a pioneering initiative to establish a unified certification framework for a diverse range of ICT products. This ambitious endeavor heralds a transformative era in cybersecurity practices throughout the European Union.
8
min reading time
In the cybersecurity landscape, the Common Criteria Evaluation Assurance Level (EAL) is a critical factor in determining the security posture of a product. The EAL chosen for a product can significantly impact its security measures, evaluation processes, and user trust. This article delves into the importance of selecting the right EAL and the consequences of misjudgment and provides a step-by-step guide to aid in this crucial decision-making process.
5
min reading time