Common Criteria EAL4+
evaluation within 4 months

If you require a Common Criteria certificate, then you are at the right place.
Start your CC evaluation now with our cyberlab.
Request a free consultation to find out how to get your product certified.
A Common Criteria EAL4+ evaluation is possible within 4 months!

get a free consult

EUCC, the New Cybersecurity Scheme will be effective from the end of February 2025.

Start your CC certification project in 2024 to get it certified faster before EUCC enforcement begins.

Developers/Sponsors should be aware that the existing Common Criteria national schemes will accept applications by the end of 2024; however, the certification processes must be finalized by February 2027. It is high time to start your CC certification project ASAP with the existing, well-known processes to save time and extra effort. Learn how to prepare for the new EU Cybersecurity Certification.

These new CC certificates which will be issued by the existing national schemes will also remain valid for 5 years even after the EUCC scheme is in operation from February 27th, 2025. From February 27th, 2025, the current national cybersecurity certification schemes will cease operation.

Watch EUCC webinar

Companies who chose us

ISO 15408 Common Criteria Compliance and Certification up to EAL 4+ or EAL 5 level

Adds value

Builds trust

Ensures independent verification

Verifies a complex secure value

ISO 17025 accredited Common Criteria testing laboratory (CCTL, ITSEF)

Finish your Common Criteria evaluation in 4 months. If you are not sure whether your product fits for an (ISO 15408) Common Criteria Certification, we offer pre-evaluation services to prepare you for an evaluation project to avoid delays and additional costs during the CC certification process. We offer evaluations up to EAL 4+ or EAL 5 within the shortest possible timeframe using our industry-leading agile methods.
Learn more about Common Criteria assurance levels.

get a free consult
common-criteria-certification-cclab

The most effective way to prepare Developer Docs for Common Criteria evaluation

Is this you?

Are you struggling to prepare the required Developer Documents for your upcoming Common Criteria certification project?

Do you think you could use the already existing docs for your product's evaluation?

Do you think it is time-consuming or sometimes even confusing to comply with Common Criteria requirements?

If you are preparing for your first Common Criteria certification project, or you already have experience with CC evaluation but are willing to save some time and money in preparation.

Then this course is made for you.

Enroll COMMON CRITERIA COURSE

Standards and Protection Profiles
we have experience with

Selection of Protection Profiles
(examples only)

EN 419 211-2 / BSI-CC-PP-0059-2009-MA-01, Version 2.0.1

Secure signature creation device - Part 2: Device with key generation / Protection profiles for secure signature creation device – Part 2: “Device with Key Generation”

EN 419 211-3 / BSI-CC-PP-0075-2012

Secure signature creation device - Part 3: Device with key import / Protection profiles for secure signature creation device - Part 3: Device with key import

EN 419 211-4 / BSI-CC-PP-0071-2012, Version 1.0.1

Secure signature creation device - Part 4: Extension for device with key generation and trusted communication with certificate generation application / Protection profiles for secure signature creation device – Part 4: “Extension for device with key generation and trusted communication with certificate generation application”

EN 419 211-5 / BSI-CC-PP-0072-2012, Version 1.0.1

Secure signature creation device - Part 5: Cryptographic Module for Trust Services / Protection profiles for secure signature creation device – Part 5: Extension for device with key generation and trusted communication with signature creation application

EN 419 211-6 / BSI-CC-PP-0076-2013

Secure signature creation device - Part 6: Extension for device with key import and trusted communication with signature creation application / Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application

EN 419 241-2

Trustworthy Systems Supporting Server Signing Part 2: Protection Profile for QSCD for Server Signing

EN 419-221-5

Protection profiles for TSP Cryptographic modules - Part 5 Cryptographic Module for Trust Services

Protection Profile for Certification Authorities

Version 2.1, 2018-12-01 (NIAP)

Protection Profile Module For Stateful Traffic Filter Firewalls

Version 1.3, 2019-09-27

Protection Profile For Mobile Device Fundamentals

Version 3.2, 2021-04-15

Protection Profile For Application Software

Version 1.4, 2021-10-07

CIMC PP

Certificate Issuing and Management Components Protection Profile, Version 1.5

BSI-CC-PP-0055

Machine Readable Travel Document with ICAO Application and Basic Access Control (MRTD-PP)

BSI-CC-PP-0056-V2-2012

Machine Readable Travel Document with ICAO Application, Extended Access Control (PP-MRTD EAC)

BSI-CC-PP-0068-V2-2011-MA-01

Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP)

BSI-CC-PP-0084

Security IC Platform Protection Profile with Augmentation Packages

BSI-CC-PP-0087

Machine-Readable Electronic Documents based on BSI TR-03110 for Official Use (MR.ED-PP)

Protection Profile for Application Software,

Version 1.3, 1 March 2019 (NIAP)

Collaborative Protection Profile For Network Devices

Version 2.2e, 2020-03-23

Protection Profile- Module For Private Network (VPN) Gateways,

Version 1.1, 2020-06-18

General Purpose Operating Systems Protection Profile/ Mobile Device Fundamentals Protection Profile Extended Package (EP) Wireless Local Area Network (WLAN) Clients

Version 1.0, 2016-02-08

Functional Package For Transport Layer Security

Version 1.1, 2019-02-12

  • Does CC certification take time and effort?
  • Will Common Criteria evaluation cost you?
  • Will Common Criteria certification be worth it?
YES

Common Criteria Webinars

Do you want to know more about Common Criteria evaluation?
Do you want to know how you can get your product certified?

Exploring EUCC: Legal, Market Impact, and Practical Application
On-demand
Dr. Katalin Szűcs
Levente Cseh
May 29, 2024

Exploring EUCC: Legal, Market Impact, and Practical Application

Register CCLab's on-demand webinar on EUCC, the EU Cybersecurity Certification Scheme

CCLab is excited to announce its free on-demand webinar on European Cybersecurity Certification (EUCC) Scheme. Register now and delve into the intricacies of EUCC and its implications for cybersecurity stakeholders.

LEARN MORE
COMMON CRITERIA, THE SECURITY PASSPORT  Part 2
On-demand
Dr. Katalin Szűcs
Jonatán Bodó
Imre Fodor
Hendrik Dettmer
Marc Le Guin
June 9, 2022

COMMON CRITERIA, THE SECURITY PASSPORT Part 2

Find out everything you need to know about Common Criteria evaluation & learn more about our new CC educational material, CCGuide

Find out everything you need to know about Common Criteria evaluation & learn more about our new CC educational material, CCGuide.

LEARN MORE

Selection of Products
we have experience with

(examples only)

Identity Card Applets / Electronic identification (EiD)

EAC - PACE - AA - BAC

Java Card Open Platform (JCOP)

Hardware Security Module (HSM), Cryptographic Module (CM)

Electronic identification (EiD)

Signature Activation Module (SAM)

Qualified Signature Creation Device (QSCD) / Secure Signature Creation Device (SSCD)

Network device software, firmware

Firewall appliance

Stateful Traffic Filter Firewalls

Private Network (VPN) Gateways

Logical and physical machine readable travel documents

Mobile Devices

WLAN Clients

Application Software

Transport Layer Security client or server

Common Criteria Compliance FAQ

What are Common Criteria used for?

Common Criteria (CC) are used for evaluating and certifying the security features and capabilities of information technology (IT) products and systems. The purpose of Common Criteria is to provide a standardized framework that ensures these products meet specified security standards, allowing organizations and governments to make informed decisions about the security of IT products. Common Criteria facilitate a globally recognized approach to evaluating and certifying IT security, enhancing trust and confidence in the security attributes of IT products and systems across various industries and sectors.

What is the Common Criteria and ISO?

The Common Criteria (CC) is an international standard, also available as ISO/IEC 15408 used when evaluating the security properties of IT products and systems. It defines a framework for the oversight of evaluations, syntax for specifying the security requirements to be met and a methodology for evaluating those requirements. The CC is used by governments and other organizations around the world to assess the security of information technology products and is often specified as a prerequisite to procurement. See https://www.commoncriteriaportal.org/cc/ for more information or to obtain the standard.

What is a Common Criteria test?

A Common Criteria (CC) test is an evaluation process used to assess the security features and capabilities of an information technology (IT) product or system against a set of internationally recognized security standards. This testing aims to ensure that the product meets specific security requirements and performs reliably under defined conditions.

What is the CC evaluation process?

There are three parties involved in the CC evaluation process:

1. Vendor or Sponsor. The vendor/developer engages an accredited laboratory and submits their product and associated evidence for evaluation.

2. Laboratory. The laboratory performs the evaluation and reports evaluation results to the scheme. Evaluation is iterative in nature and the vendor is able to address findings during the evaluation.

3. Scheme. Certificate authorizing schemes (also known as a certification body) issue CC certificates and perform certification/validation oversight of the laboratory. Each scheme has its own policies with regard to how the CC is used in that country and what products may be accepted into evaluation

More questions and answers about Common Criteria compliance

Testimonials

Kenneth Lasoski

Kenneth Lasoski

Versa Networks

Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.

Thierry Bonda

Thierry Bonda

Landis+Gyr

CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.

Jake Nelson

Jake Nelson

Corsec Security Inc.

The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.

Alexander Testov

Alexander Testov

AO Kaspersky Lab.

"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."

Dayton Marcucci

Dayton Marcucci

HID Global

The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.

Jaime Chica

Jaime Chica

NXP Semiconductors

It was a well-managed project which achieved success in an effortless manner.

Kalev Pihl

Kalev Pihl

SK ID Solutions

We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.

Israr Ahmed

Israr Ahmed

Ascertia Ltd.

On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.

Zsolt Rózsahegyi

Zsolt Rózsahegyi

I4P Informatics Ltd.

Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.