2
min reading time
IT vendors often use the Common Criteria (CC) framework for providing clients assurance that their products comply to international standards for information security. To verify claims that a product complies to CC standards, you need to submit your product to evaluation through a testing laboratory.
Choosing a testing laboratory is an essential part of CC compliance. It is also a challenging process as the lab that you choose may impact whether or in how much time you gain the CC certificate for your product. Here are a few questions to ask yourself when choosing your common criteria evaluation and testing laboratory:
What is the lab’s track record of successful evaluations?
As the evaluation process is time-consuming, you should ensure that the lab you choose has a long record of successful evaluations. A successful evaluation is completed on time and on budget. It should also result in the desired CC certificate for your product. Choosing a lab with only a few evaluations may increase the risk of delays, keeping you from releasing your product on time.
Does the laboratory help evaluate different CC schemes?
Depending on the markets you plan to reach with your product, you may need to obtain multiple certificates. For example, you may require evaluations for CC certification through the US via NIAP CCEVS or in Europe via SOGIS member schemes. The right testing laboratory should have the qualifications to pursue the certifications that you require.
Does the laboratory have experience with similar technologies?
If a testing laboratory specializes in a certain product sector,, they may not have the knowledge needed for evaluating IT security-related products. Always inquire about past evaluations and determine whether the laboratory has experience evaluating products in an efficient way.
Does the laboratory offer suggestions for improving products?
The best evaluation laboratories go beyond basic cybersecurity testing. They provide detailed reports of their evaluations’ findings and help identify potential issues with your product. This may include issues that impact performance or user experience. The lab that you work with should also provide copies of their evaluation reports. Your designers or developers may require the insight provided by the report to address any weaknesses. Choosing a laboratory which provides readiness assessment services and consultancy is always a good choice.
What accreditation and credentials does the laboratory possess?
After asking these questions, you should inquire about the laboratory’s accreditation and credentials. Find out if they are accredited to complete CC evaluations that meet domestic and international standards. As with any service, we recommend that you compare options before choosing a testing laboratory. Remember to inquire about the experience of the lab and their ability to pursue the certifications that you require.
You can check CCLab’s accreditations and client references at www.cclab.com
CCLab has great experience with 20+ successful CC evaluation projects delivering some of them within 4 months.
Entering the European market you may need a laboratory like CCLab which is accredited under the Italian scheme (OCSI) and has qualified evaluators working under the German scheme (BSI) as well.
To avoid the top 5 Common Criteria Evaluation mistakes please check the following video:
In this insightful interview, Ferenc Molnár, founder and CEO of CCLab discusses the critical importance of wireless device cybersecurity in today's digital landscape. The interview provides valuable insights into the importance of collective efforts in safeguarding our digital world and also delves into the upcoming regulatory changes, specifically the Radio Equipment Directive (RED), introduced by the European Union (EU).
12
min reading time
CCLab reached an important milestone in 2023, as it celebrated its 10th anniversary on April 3. The entire team celebrated this significant event with a 2-day trip at the breathtaking Avalon Resort & Spa in Miskolctapolca at the beginning of May. This remarkable event was full of excitement, heartfelt moments, and learning, just as CCLab has been for the past 10 years.
3
min reading time
It has now become a tradition that each year JTSEC, an ITSEC consulting company, publishes the annual Common Criteria Statistics Reports, an all-in-one report that collects and analyses all kinds of data on various aspects of the Common Criteria market. We are delighted to share that this year CCLab has made it into to report once again, as we conducted the Common Criteria evaluation project of two products under the Italian Scheme (OCSI).
3
min reading time