Common Criteria

What atsec Offers
atsec has extensive experience with Common Criteria projects. Please take a look at our list of successful evaluations.

Only a limited number of laboratories worldwide are officially accredited and licensed to perform evaluations based on the Common Criteria. atsec offers a full range of services to meet your needs in planning and pursuing Common Criteria evaluation:

  • Readiness assessment to help you estimate the level of effort that will be required to successfully evaluate the security functions of your product.
  • Conformance evaluation resulting in a certificate issued by one of the following:
    • U.S. National Information Assurance Partnership's (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS),
    • German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI).
    • Swedish CC scheme, Sveriges Certifieringsorgan för IT-säkerhet (CSEC) operated by FMV.
    • Italian CC scheme, Organismo di Certificazione della Sicurezza Informatica (OCSI).
  • Conformance evaluation resulting in mutual recognition under
    • The Common Criteria Recognition Arrangement (CCRA)
    • The Senior Officials Group Information Systems Security (SOG-IS)
  • Consulting services include:
    • production of a Security Target
    • discovery or production of evidence to support the evaluation project
    • production of a Protection Profile
  • Protection Profile evaluation
  • Education and training for your staff to optimize your efforts in pursuing Common Criteria certification
  • Migration assistance to Common Criteria version 3.1

Why Our Services are Important to You
The evaluation of technical components and products against internationally-accepted, standardized criteria allows companies to objectively demonstrate the reliability of its security functionality.

The Common Criteria (CC) and the internationally-recognized ISO standard (ISO 15408) is used by governments and other organizations to assess security and assurance of information technology products. The CC standard provides a uniform way of expressing security requirements and defines a set of rigorous criteria by which a product's security aspects (for example, development environment, security functionality, and handling of security vulnerabilities) can be meaningfully evaluated.