Common Criteria Services
The Common Criteria (CC) and the internationally-recognized ISO standard (ISO 15408) are used by governments and other organizations to assess security and assurance of information technology products. The CC standard provides a uniform way of expressing security requirements and defines a set of rigorous criteria by which a product's security aspects (for example, development environment, security functionality, and handling of security vulnerabilities) can be meaningfully evaluated. The CC standard provides a consistent way to define and test compliance to security requirements. The CC define a range of strict criteria to evaluate a product according to its security aspects (for example the development environment, the security functionality and the handling of security vulnerabilities). This allows an objective verification of the trustworthiness of a security product.
atsec is one of the most experienced evaluation lab in the world. Members of atsec have been heavily involved in the development of the German and European information security criteria that where the basis for the Common Criteria. Today atsec is still involved in the further development of the Common Criteria and supports national agencies in the set up of their own certification schemes for Common Criteria.
As of today, atsec has performed more than a hundred of CC evaluations of various information security products. This includes large, complex software systems like operating systems. databases, firewalls and printing systems of international manufacturers like Apple, Cray, HP, IBM, Microsoft, Océ, Oracle, RedHat, SGI und SuSE.
atsec is accredited as a Common Criteria evaluation lab in Germany by the Bundesamt für Sicherheit in der Informationstechnik (BSI), in Italy by Organsimo di Certificazione della Sicurezza Informatica (OCSI), in Sweden by CSEC, and in the USA by NIAP. The certificates from these countries are recognized in 26 Countries.
Our Common Criteria portfolio encompasses the following services:
- Readiness assessment: Prior to evaluation and certification our experienced evaluators perform an on-site check that shows which parts of the product and the development environment are already fit for an evaluation and which parts require work to become ready for an evaluation. This includes the preparation of a strategy and project plan for the evaluation that ensures that costs, resources and project risks are fully transparent.
- Product evaluation: The evaluation of a product by one of our evaluation laboratories to achieve an internationally recognized CC-certificate.
- Development and evaluation of Protection Profiles
- Support of the evaluation by an independent consulting team
- Development of the Security Target (ST).
- Discovery or production of evidence to support the evaluation project.
- Migration assistance to Common Criteria version 3.1, new protection profiles and evaluation assurance levels.
- Education and training for your staff to optimize your efforts in pursuing Common Criteria certification.
- Education and training for manufacturers, government agencies, evaluators and certifiers on all Common Criteria topics.
- Support for the establishment of national certification schemes.