2
min reading time
IT vendors often use the Common Criteria (CC) framework for providing clients assurance that their products comply to international standards for information security. To verify claims that a product complies to CC standards, you need to submit your product to evaluation through a testing laboratory.
Choosing a testing laboratory is an essential part of CC compliance. It is also a challenging process as the lab that you choose may impact whether or in how much time you gain the CC certificate for your product. Here are a few questions to ask yourself when choosing your common criteria evaluation and testing laboratory:
What is the lab’s track record of successful evaluations?
As the evaluation process is time-consuming, you should ensure that the lab you choose has a long record of successful evaluations. A successful evaluation is completed on time and on budget. It should also result in the desired CC certificate for your product. Choosing a lab with only a few evaluations may increase the risk of delays, keeping you from releasing your product on time.
Does the laboratory help evaluate different CC schemes?
Depending on the markets you plan to reach with your product, you may need to obtain multiple certificates. For example, you may require evaluations for CC certification through the US via NIAP CCEVS or in Europe via SOGIS member schemes. The right testing laboratory should have the qualifications to pursue the certifications that you require.
Does the laboratory have experience with similar technologies?
If a testing laboratory specializes in a certain product sector,, they may not have the knowledge needed for evaluating IT security-related products. Always inquire about past evaluations and determine whether the laboratory has experience evaluating products in an efficient way.
Does the laboratory offer suggestions for improving products?
The best evaluation laboratories go beyond basic cybersecurity testing. They provide detailed reports of their evaluations’ findings and help identify potential issues with your product. This may include issues that impact performance or user experience. The lab that you work with should also provide copies of their evaluation reports. Your designers or developers may require the insight provided by the report to address any weaknesses. Choosing a laboratory which provides readiness assessment services and consultancy is always a good choice.
What accreditation and credentials does the laboratory possess?
After asking these questions, you should inquire about the laboratory’s accreditation and credentials. Find out if they are accredited to complete CC evaluations that meet domestic and international standards. As with any service, we recommend that you compare options before choosing a testing laboratory. Remember to inquire about the experience of the lab and their ability to pursue the certifications that you require.
You can check CCLab’s accreditations and client references at www.cclab.com
CCLab has great experience with 20+ successful CC evaluation projects delivering some of them within 4 months.
Entering the European market you may need a laboratory like CCLab which is accredited under the Italian scheme (OCSI) and has qualified evaluators working under the German scheme (BSI) as well.
To avoid the top 5 Common Criteria Evaluation mistakes please check the following video:
This downloadable infographics introduces the Common Criteria Evaluation process to you. Explore now for free.
Learn everything you need to know for a successful Common Criteria evaluation project. Save costs and efforts with your checklist.
Read and learn more about the Radio Equipment Directive (RED), download our free material now.
In today's digital landscape, where cybersecurity threats loom large, and trust is paramount, Common Criteria certification emerges as a beacon of assurance. This globally recognized standard sets the bar for IT product security, instilling confidence in customers, stakeholders, and regulatory bodies. Beyond mere validation, it serves as a shield against potential risks, fortifying organizations' defenses and fostering a culture of safety in the digital realm.
9
min reading time
In the continually evolving cybersecurity landscape, ensuring the safety and reliability of Information and Communication Technology (ICT) products has become more crucial than ever. The European Common Criteria-based Cybersecurity Certification Scheme (EUCC) is a groundbreaking and indispensable scheme to meet this pressing need. Enacted within the Cybersecurity Act certification framework, the new scheme is a pioneering initiative to establish a unified certification framework for a diverse range of ICT products. This ambitious endeavor heralds a transformative era in cybersecurity practices throughout the European Union.
8
min reading time
In the cybersecurity landscape, the Common Criteria Evaluation Assurance Level (EAL) is a critical factor in determining the security posture of a product. The EAL chosen for a product can significantly impact its security measures, evaluation processes, and user trust. This article delves into the importance of selecting the right EAL and the consequences of misjudgment and provides a step-by-step guide to aid in this crucial decision-making process.
5
min reading time