Common Criteria Evaluation

Finish your Common Criteria evaluation in 4 months. If you are not sure whether your product fits for an (ISO 15408) Common Criteria Certification, we offer pre-evaluation services to prepare you for an evaluation project to avoid delays and additional costs during the CC certification process. We offer evaluations up to EAL 4+ or EAL 5 within the shortest possible timeframe using our industry-leading agile methods.

read more

Common Criteria Consultancy

If you are looking for a Common Criteria expert, who can help you get prepared and easily get over the difficulties of the certification process, then you are at the right place. Start your CC certification project in 2024 to get it certified faster before EUCC enforcement begins. Developers/Sponsors should be aware that the existing CC national schemes will accept applications by the end of 2024; however, the certification processes must be finalized by February 2027. It is high time to start your CC certification project ASAP with the existing, well-known processes to save time and extra effort.

Swiss Smart Metering

Accurate data collection and secure data transfer are a must for the smart meter market. Smart metering solutions need to be METAS certified (METAS Zertifizierung) in Switzerland since 2019. CCLab has become one of the leading accredited electric meter testing laboratories in cybersecurity evaluations of smart metering solutionsfor the energy industry. Among others we have great experience in data security evaluations in Switzerland under the METAS certification scheme.

Medical Device Security

Medical devices have been around for decades, however, new technologies are being applied to all different types of them. It is a challenging task to secure devices against cyber threats while clients expect to preserve functionality without overcomplicated security measures. The software usually connects to the internet or hospital networks, therefore data might be available through mobile phones or other connected devices.
We provide conformity assessments for numerous standards related to medical devices’ cybersecurity resilience.

Industrial Control System Security

Protecting Industrial Automation and Control Systems against cyberattacks has become more important than ever before. Learn more about the ISA/IEC 62443 standards. IEC 62443 is the standard for protecting Industrial Automation and Control Systems and the most effective Cybersecurity solution for Industry 4.0. With increased connectivity of production assets (IIoT), new hazards emerge that must be included in traditional risk management processes.

Automotive CSMS

In the advent of cooperative, connected, and automated mobility, cars today are increasingly exposed to cyberattacks. Cyberattacks could not only cause material damage, but they may put human lives in danger. New regulations, such as RegulationUN R155, UN R156, and standards like ISO/SAE 21434 are coming up to support building resilient modern vehicles.

Cybersecurity Evaluation

CCLab proposes a step-by-step approach to its clients during security evaluations, using a methodology based on our own Common Criteria experience. The essence of the methodology is to analyze the documentation and in certain cases the source code before and during the vulnerability assessment phase of the target.


The development of a Digital Single Market (DSM) for EU Member States was among the European Commission’s 10 priorities for the period 2015-2019. In order to provide a clear legal framework for the formalization of a wide range of digital transactions, the regulation of eIDAS is a crucial support to this initiative. In support of the DSM, eIDAS aims to facilitate the smooth flow of commerce in the EU through transparency, security, technical neutrality, cooperation and interoperability.

Consumer Iot Device Cybersecurity

ETSI EN 303 645 is the first globally applicable Cybersecurity Standard for Consumer IoT Devices. Consumer IoT Products are internet-connected devices that any person can have at home nowadays. This standard covers consumer IoT devices that are connected to network infrastructure and their interactions with associated services.

Radio Equipment Directive

The Radio Equipment Directive 2014/53/EU (RED) establishes a legal framework for radio equipment by laying down essential standards for electromagnetic compatibility, safety, health, and radio spectrum efficiency. Article 3(3) of the Directive is intended to replace requirements for radio-specific equipment, including cybersecurity and common interfaces. The deadline to comply with the new cybersecurity requirements of RED is just around the corner: itt will become mandatory on August 1, 2025 according to the latest decision of the European Commision.

Cybersecurity Certification

The IECEE CB Scheme is the largest international certification scheme for electrical and electronic products and components (including IoT products). Its goal is to facilitate the international trade of manufacturers in more than 50 member countries. This is achieved through the IECEE multilateral certificate recognition system based on international standards. Its members use the principle of mutual recognition of test results to obtain certification or approval at national levels around the world.

UK PSTI Compliance

After leaving the European Union the United Kingdom (UK) independently determines its cybersecurity regulations and has exited the cybersecurity framework of the European Union (EU). The UK has its national laws and standards for addressing cybersecurity issues and is not obligated to automatically adopt EU regulations or directives in this area. The PSTI, or Product Security and Telecommunications Infrastructure, is a regulatory system applicable in the United Kingdom.