2
min reading time
IT vendors often use the Common Criteria (CC) framework for providing clients assurance that their products comply to international standards for information security. To verify claims that a product complies to CC standards, you need to submit your product to evaluation through a testing laboratory.
Choosing a testing laboratory is an essential part of CC compliance. It is also a challenging process as the lab that you choose may impact whether or in how much time you gain the CC certificate for your product. Here are a few questions to ask yourself when choosing your common criteria evaluation and testing laboratory:
What is the lab’s track record of successful evaluations?
As the evaluation process is time-consuming, you should ensure that the lab you choose has a long record of successful evaluations. A successful evaluation is completed on time and on budget. It should also result in the desired CC certificate for your product. Choosing a lab with only a few evaluations may increase the risk of delays, keeping you from releasing your product on time.
Does the laboratory help evaluate different CC schemes?
Depending on the markets you plan to reach with your product, you may need to obtain multiple certificates. For example, you may require evaluations for CC certification through the US via NIAP CCEVS or in Europe via SOGIS member schemes. The right testing laboratory should have the qualifications to pursue the certifications that you require.
Does the laboratory have experience with similar technologies?
If a testing laboratory specializes in a certain product sector,, they may not have the knowledge needed for evaluating IT security-related products. Always inquire about past evaluations and determine whether the laboratory has experience evaluating products in an efficient way.
Does the laboratory offer suggestions for improving products?
The best evaluation laboratories go beyond basic cybersecurity testing. They provide detailed reports of their evaluations’ findings and help identify potential issues with your product. This may include issues that impact performance or user experience. The lab that you work with should also provide copies of their evaluation reports. Your designers or developers may require the insight provided by the report to address any weaknesses. Choosing a laboratory which provides readiness assessment services and consultancy is always a good choice.
What accreditation and credentials does the laboratory possess?
After asking these questions, you should inquire about the laboratory’s accreditation and credentials. Find out if they are accredited to complete CC evaluations that meet domestic and international standards. As with any service, we recommend that you compare options before choosing a testing laboratory. Remember to inquire about the experience of the lab and their ability to pursue the certifications that you require.
You can check CCLab’s accreditations and client references at www.cclab.com
CCLab has great experience with 20+ successful CC evaluation projects delivering some of them within 4 months.
Entering the European market you may need a laboratory like CCLab which is accredited under the Italian scheme (OCSI) and has qualified evaluators working under the German scheme (BSI) as well.
To avoid the top 5 Common Criteria Evaluation mistakes please check the following video:
Cybercriminals are no longer seeking to steal personal information only, like credit card details from private individuals, but attempt to hinder or debilitate the operation of online infrastructures that can cause serious upheaval in real life, and is a matter of national security.
4
min reading time
In recent years, the Internet of Things (IoT) has grown from arising technological innovations and inventions to devices and equipment that form part of our daily lives. Smart cars, office buildings, homes, and industries, as well as wearable devices and smart sensors, are ushering in a new era of digitization. However, there are sectors -such as healthcare-, in which IoT is of particular importance.
7
min reading time
In parallel with the explosive development of digitalization and online work, worrisome statistics regarding cyberattacks are expanding yearly. The outbreak of the pandemic in 2020 significantly increased the wireless security risk and contributed even more to the success of cybercriminals, as many companies had to switch to the home office or hybrid work model almost overnight without any preparation.
6
min reading time