Common Criteria Services according to ISO 15408 International Standard
The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard (ISO/IEC 15408) for IT product security certification. It is a framework that provides criteria for independent, scalable and globally recognized security inspections for IT products. It is especially designed for products destined for highly security-intensive markets, such as governmental, banking or military sectors. Certification according to this standard is therefore essential.
TÜV Rheinland experts are happy to support you with extensive common criteria consultation services during the complex evaluation process leading to final certification by a certification body.
Benefits of Our Common Criteria Services at a Glance
Our common criteria services offer you:
- Professional support and help with the CC evaluation and certification of your product.
- Well-trained personnel with in-depth knowledge of the Common Criteria standard.
- Reliable and extensive evaluation services from an independent Certification Body.
- Tailored consultancy on IT product security and certification.
Please contact us to learn more about how our common criteria services according to ISO 15408 can benefit your company.
Common Criteria Consultancy
We can help you select the appropriate Protection Profile and prepare the Security Target, and we can effectively support the development of all other documentation, from the security architecture description to the depth of testing analysis.
With our assistance you can minimize the dedicated internal resources and spending needed to achieve Common Criteria certification for your product.
We offer evaluation services via partner evaluation facilities, but we can also help if you require a certificate under a different national scheme and are looking for a CC expert who can help you overcome the difficulties of certification.
Common Criteria Evaluation
With the support of a third-party contracted laboratory, we perform Common Criteria evaluations of your computer security products and systems.
In order to examine and evaluate the security of IT systems and products, experts from our partner laboratory must first define a target of evaluation (TOE) allowing for further assessment of current and applicable documentation.
Following documentation review, our experts can provide you with strategic consultancy services and assist you in document creation. The targets defined earlier are then evaluated in detail.
Upon completion of the documentation review and a thorough CC evaluation, we can provide you support and help you attain your IT product security certification.
CC Evaluation and Claims Validation
The CC evaluation validates claims made about the target of evaluation and verifies the target's security features by inspecting:
- The Security Target (ST), that is, the document identifying the target’s security properties.
- The Protection Profile (PP), that is, the document identifying security requirements for a certain class of security devices.
- The Security Functional Requirements (SFRs), that is, the document specifying individual security functions which may be provided by a product.
CC Evaluation and Security Level of Confidence
To determine the level of confidence attributed to a product's security features, a thorough CC evaluation by our third-party contracted laboratory includes the following quality assurance processes:
- The Evaluation Assurance Level (EAL) corresponds to a package of security requirements and rates the depth and rigor of a CC evaluation.
- The Security Assurance Requirements (SARs) describe measures taken during the development and evaluation of a security product in order to ensure compliance with the claimed security functionalities.
ISO 15408 - Common Criteria for Information Technology Security Evaluation
The Common Criteria for Information Technology Security Evaluation or CC is the international ISO/IEC 15408 standard for the certification of computer security.
This framework provides models of Protection Profiles (PPs), documents identifying security requirements for a specific range of security devices, to help computer users specify their security requirements, enabling computer retailers to implement appropriate and adequate security attributes. These attributes can then be officially tested and evaluated to validate compliance with all applicable requirements.
Thus, Common Criteria ensures that the specification, implementation and evaluation of a computer security product has been properly conducted.
Common Methodology for Information Technology Security Evaluation
The Common Methodology for Information Technology Security Evaluation is a document supplemental to the Common Criteria which defines the minimum actions that must be performed to conduct an acceptable CC evaluation according to the ISO 15408 standard criteria.
Common Criteria Recognition Arrangement
Formerly called the Mutual Recognition Arrangement (MRA), the CCRA is a treaty under which each signing member recognizes evaluations carried out by other parties in accordance with the Common Criteria standard. It was originally signed by Canada, France, Germany, the United Kingdom and the United States in 1998; there are currently 26 CCRA members.