Your browser is outdated

The internet explorer is no longer supported. Please switch browsers for better website experience.

Cybersecurity Certification

Cybersecurity Certification Services

Cybersecurity Certifications

Our cybersecurity certification ensures that your hardware and software products comply with globally recognized security requirements and standards. Our experienced team of engineers is committed to rigorous, independent, and transparent evaluation and testing processes.

Our expert product and process certification is appropriate for any IT system or device providing security functions. We support a range of customers, including certification bodies, product developers, consultancies, and evaluation facilities.

Our Services

  • GAP analysis and pre-evaluation services
  • Vulnerability assessment and penetration testing
  • Evaluation services:
    • ISO 15408 / Common Criteria
    • FIPS 140-3 / ISO 19790 (Cryptographic Modules)
    • Cryptographic Algorithm Validation Services (CAVS)
    • LINCE – Lightweight CCN methodology
    • GSMA – NESAS 3GPP evaluations
    • eIDAS regulation for Trusted Services Providers
  • Evaluation services for IT systems or devices against a vendor-defined security target (EAL) or protection profile of the Common Criteria certifications
  • Maintenance of IT security certificates
  • Training and workshops
  • Consulting services for successful security evaluations

Common Criteria

DEKRA provides expert product certification services for the Common Criteria international standard and corresponding ISO 15408 standard.

As one of the only product security standards recognized worldwide, Common Criteria (ISO 15408) can be used to certify any IT system or device providing security functions. Additionally, Common Criteria is a market-entry requirement, or a specific security assurance requirement, in some countries.

Our team of project managers and evaluators has more than 25 years of experience in this area and has a demonstrated commitment to independent, reliable cybersecurity testing.

eIDAS Regulation

eIDAS is the European regulation for the certification of trusted services providers.

DEKRA holds ISO/IEC 17065 accreditation and acts as a Certification Assessment Body (CAB) for auditing and certification. Our dedicated team of experts has experience with electronic signature systems, signature certificates, time stamp certificates, electronic delivery, signature preservation, and more.

FIPS 140-3

DEKRA provides expert product certification services for the FIPS 140-3 standard and corresponding ISO 19790 standard. FIPS 140-3 is the standard to certify cryptography implemented in hardware, firmware, and software products, and ISO 19790 is an equivalent standard based on FIPS 140-3.

Our FIPS 140-3 evaluation confirms that the cryptographic model utilized within a security system will effectively protect sensitive information. Our certification laboratory members have more than 20 years of experience in evaluations with all types of cryptographic modules.

IEC 62443

IEC-62443 is a series of standards that secure Industrial Automation and Control Systems (IACS). It provides a systematic and practical approach to cybersecurity for industrial plants, the Industrial Internet of Things (IIoT), and the Internet of Things (IoT). Every stage and aspect of industrial cybersecurity is covered, from risk assessment through operations.

The networking of industrial devices means that their safe operation increasingly depends on protection against security threats. As a result, cybersecurity is an important pillar of overall security and a necessary part of our conformity assessment procedure.

DEKRA is an accredited testing laboratory according to DIN EN ISO/IEC 17025:2005. We test security on the basis of the DIN IEC 62443 series of standards:

  • Secure product development life cycle requirements (DIN EN 62443-4-1)
  • Technical security requirements for IACS components (DIN EN 62443-4-2)
  • System security requirements and security levels (DIN EN 62443-3-3)
  • Security program requirements for IACS service providers (DIN IEC 62443-2-4)


LINCE is a CCN lightweight evaluation and certification standard used to certify IT products with low or medium criticality. It includes a limited scope for evaluations in terms of timing and effort, which makes it an attractive option for vendors with time-sensitive requirements.


The GSMA Network Equipment Security Assurance Scheme (NESAS) provides security assurance to operators and vendors, ensuring a common baseline security level for the industry. DEKRA’s experienced assessment team provides life cycle process audits and network equipment evaluations for manufacturers

Contact Us