Common Criteria Certification Services
As an international product security standard, Common Criteria (ISO 15408) can be used to certify any information assurance (IA) system, information technology (IT) system, or device providing security functions.
DEKRA provides expert product certification services for the Common Criteria international standard and the corresponding ISO 15408 standard. Below are answers to frequently asked questions about Common Criteria and the certification process.
What is Common Criteria?
Common Criteria, also known as CC, is a globally recognized product security standard for IT/IA systems and devices. Officially known as the Common Criteria for Information Technology Security Evaluation, Common Criteria allows for an objective evaluation of a product or system to ensure that it meets a defined set of security requirements. CC was developed through a combined effort of six countries: the United States, Canada, France, Germany, the Netherlands, and the United Kingdom. ISO/IEC 15408 is the corresponding international standard for computer security. Common Criteria is currently recognized in 31 countries.
Who needs Common Criteria certification?
Common Criteria was developed as a globally accepted standard for businesses selling IT/IA devices and systems to governments, government agencies, contractors, and partners. CC is used around the world as the basis of government-driven certification standards and programs. In addition, it is a market-entry requirement, or a specific security assurance requirement, in many countries.
What is the Common Criteria certification process?
Common Criteria builds trust in the security of products through third-party certification. By following a rigorous, verifiable, and repeatable method, testing laboratories evaluate whether a product performs as the manufacturer claims it should perform.
To begin the process, the vendor identifies the Target of Evaluation (the device or system to be evaluated) and completes a Security Target (ST) description. The ST includes an overview of the device or system and its security features, as well as an evaluation of potential security risks.
An independent laboratory, such as DEKRA, conducts tests to validate the product’s security features and to evaluate its compliance with the Protection Profile. If the product successfully passes the evaluation, Common Criteria certification is issued.
DEKRA’s team of project managers and evaluators has more than 25 years of experience in this area and has a demonstrated commitment to independent, reliable cybersecurity testing. We are your partners for Common Criteria certification, and we are committed to helping you understand and navigate the process.