What atsec Offers
atsec has extensive experience with Common Criteria projects. Please take a look at our list of successful evaluations.
Only a limited number of laboratories worldwide are officially accredited and licensed to perform evaluations based on the Common Criteria. atsec offers a full range of services to meet your needs in planning and pursuing Common Criteria evaluation:
- Readiness assessment to help you estimate the level of effort that will be required to successfully evaluate the security functions of your product.
- Conformance evaluation resulting in a certificate issued by one of the following:
- U.S. National Information Assurance Partnership’s (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS),
- German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI).
- Swedish CC scheme, Sveriges Certifieringsorgan för IT-säkerhet (CSEC) operated by FMV.
- Italian CC scheme, Organismo di Certificazione della Sicurezza Informatica (OCSI).
- Conformance evaluation resulting in mutual recognition under
- Consulting services include:
- Production of a Security Target
- Discovery or production of evidence to support the evaluation project
- Production of a Protection Profile
- Protection Profile evaluation
- Education and training for your staff to optimize your efforts in pursuing Common Criteria certification
- Migration assistance to Common Criteria version 3.1 and the forthcoming ISO/IEC 15408 revision.
Why Our Services are Important to You
The evaluation of technical components and products against internationally-accepted, standardized criteria allows companies to objectively demonstrate the reliability of its security functionality.
The Common Criteria (CC) and the internationally-recognized ISO standard (ISO/IEC 15408) is used by governments and other organizations to assess security and assurance of information technology products. The CC standard provides a uniform way of expressing security requirements and defines a set of rigorous criteria by which a product’s security aspects (for example, development environment, security functionality, and handling of security vulnerabilities) can be meaningfully evaluated.