atsec information security
Common Criteria, FIPS 140-3, EUCC, NESAS, PCI and more.
Who we are
atsec information security is an independent, privately-owned company that focuses on providing laboratory testing, evaluation, validation, and training services for information security.
Where we are
atsec US:
atsec Europe:
atsec Asia:
See you at
ICMC 2025
Apr. 4-6th 2025, Toronto, Canada
ICMC
atsec is the proud founder of the International Cryptographic Module Conference, having initiated and named the conference in 2013. The ICMC brings together vendors, labs, agencies, and academia to advance crypto module validation, and atsec chairs the conference. While atsec has delegated the conference’s production to an event media partner, atsec remains an exclusive and permanent Platinum Sponsor. We consider the ICMC one of our greatest achievements, as it is a much-appreciated venue for an annual gathering of crypto module practitioners.
CMUF
As a companion to the ICMC, atsec created the Crypto Module User Forum (CMUF) in 2014 to make a space for sharing ideas and inspiring innovation among crypto module professionals. With Amazon generously providing the cloud platform and atsec hosting the forum portal, we’re happy to make this resource freely available to CMUF members. atsec also serves as the liaison officer between the CMUF and ISO/IEC JTC1/SC27 WG3 that develops the international standards for cryptographic module validation. With over 800 members and still growing, the CMUF is another of our great achievements.
CCUF
atsec played an instrumental role in creating the Common Criteria User Forum (CCUF) for evaluators, vendors, and certification bodies to discuss the Common Criteria (CC) standard and has been a member of the CCUF management board since its inception. atsec also contributes to many TCs/iTCs (International Technical Communities) to develop Protection Profiles, such as ND cPP, DSC cPP, DBMS cPP, GPOS PP, Application SW PP, and more, and up until the ISO/IEC 15408:2022 publication, atsec was an active ISO editor for CC.
Our Services
How we can be of service?
We provide services for a variety of business cases and industries.
IT Evaluation & Assessment
atsec information security offers IT evaluation and assessment services, focusing on standards-based evaluations of commercial off the shelf (COTS) hardware, software, and organizational security. Key services include Common Criteria (ISO 15408) evaluation, Security Content Automation Protocol (SCAP), Open Trusted Technology Provider Standard (O-TTPS) development, and IEEE 2621 certification for medical device cybersecurity.
Cryptographic Testing
atsec information security provides FIPS 140-3 testing services to help clients understand the requirements and assess product readiness, and performs conformance testing for the Cryptographic Algorithm Validation Program (CAVP) and Entropy Source Validation (ESV) to ensure proper implementation and compliance with standards.
Telecommunication
atsec information security offers GSMA NESAS Audits and SCAS Testing, part of the Network Equipment Security Assurance Scheme (NESAS) jointly led by 3GPP and GSMA. These services are available to all vendors of network equipment products supporting 3GPP-defined functions. We also provide BSI NESAS-CCS-GI services within this collaborative framework.
Identity
atsec information security provides testing services for NIST Personal Identity Verification Program (NPIVP), ensuring compliance with FIPS 201 standards for U.S. Federal identification products. We also offer eIDAS Trust Service Provider Assessments to help clients meet EU requirements for electronic ID systems and Qualified Trust Services. Additionally, atsec China is an accredited lab for FIDO, supporting secure, passwordless authentication standards.
Certification
atsec Sweden is an accredited private Certification Body according to ISO / IEC 17065, specialized in Common Criteria ISO 15408 and 18045, offering a certification scheme in collaboration with 17025 accredited laboratories. Our private Certification Body is accredited by Sweden’s national accreditation body, SWEDAC, against requirements specified in the CC ISO 15408 and 18045.
Payment Security
As a qualified PCI QSA, ASV, Secure Software & Secure SLC assessor, P2PE, 3DS assessor, PIN security assessor, CPSA, and PFI, atsec China offers a full range of services to support organizations in achieving PCI compliance. atsec has also contributed to the payment security industry since the beginning as a Global Executive Assessor Roundtable member.
Are you ready?
Read our quick start guide and take the first step on your journey to certification.
The Information Security Provider
Read Our Latest Blog Articles
Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.
-
Final Call to Submit for Interim Validation
The CMVP is moving back to its normal certification process, which means interim submissions are being closed.
-
atsec at the PCI Community Meeting 2024
atsec recently presented at the PCI SSC Asia-Pacific Community Meeting.
-
atsec at the CCUF and ICCC24 in Qatar
atsec is attending the CCUF and ICCC24, where we’re excited to meet with colleagues from across the globe.
atsec information security
Join our team!
Seeking a New challenge? We are a dedicated team in a fast growing market. Send us your application.