Common Criteria | Certification

The Common Criteria certificate is automatically recognized in a wide range of countries, spread across multiple continents, like EU, USA, Australia, UK and parts of Asia.

> IoT | Testing & Certification > Common Criteria

COMMON CRITERIA | CERTIFICATION

Common Criteria (CC) is one of the most internationally recognized certification schemes for the evaluation of IoT, IT and OT products. The process of evaluation and certification is based on the Common Criteria standard, which includes clear requirements for the preparation and assessment of products in scope. In principle, any product that offers an amount of security relevant functionalities can be evaluated based on CC.

SCOPE OF COMMON CRITERIA STANDARD

The Common Criteria standard includes:

  • Embedded devices (IoT, ICS SCADA, medical devices, automotive components, smart meters, etc.)
  • Software products
  • Operating systems
  • Web and mobile applications
  • Network and telecommunication devices
  • Smart cards and ICs
  • Printers and copy machines
Highlight-image

Also read: EUCC - A NEW CYBERSECURITY SCHEME FOR THE CERTIFICATION OF ICT PRODUCTS IN EUROPE

The European Union Cybersecurity Certification (EUCC) represents a fresh approach to certifying information and computer technology (ICT) products within Europe.

EUCC is founded on the Common Criteria (CC) certification scheme, which integrates internationally recognized innovative concepts to meet stakeholders' needs, including enhanced provisions for patch management, vulnerability management and vulnerability disclosure in certified products.

More information on EUCC

ADVANTAGES OF COMMON CRITERIA CERTIFICATION

  • The Common Criteria certificate is automatically recognized in a wide range of countries, spread across multiple continents. For example EU, USA, Australia, UK and parts of Asia. A CC certificate can enable important advantages and market recognition for the certified product. The certification is particularly useful for selling the product to local governments, where the security of the product is of high importance. At the same time, such a certification could allow in partnerships with major players in the supply chain industry, for example network and telecommunication providers. Finally, a CC certification for your product allows to match (or surpass) the competitors on a particular domain in terms of brand value and recognition.
  • A Common Criteria evaluation can be conducted at various levels, named Evaluation Assurance Levels (EALs). There are 7 available EAL levels for conducting the evaluation, each of them increasing progressively in the depth and scope of the evaluation. While high risk products (for example smart cards) are suitable for the higher levels of evaluation, general software or embedded products can well benefit from a CC certificate in the range of EAL1 – EAL4.

HOW WE SUPPORT YOU

Secura helps large and medium sized organizations all over Europe raise their cyber resilience. We know the importance of compliance to cybersecurity regulations.

We offer Common Criteria evaluation services under the Dutch CC scheme – NSCIB. We can support you along the whole process of evaluation, starting with the proper preparation and documentation support, all the way to the testing and certification support phases.

Secura is part of the Bureau Veritas Group, a listed company and world leader in testing, inspection and certification services.

Fact Sheets & White Papers

USP

Practical Guide to CRA

How to navigate the Cyber Resilience Act.

Download
USP

Common Criteria

Overview of Common Criteria and our services. Fact Sheet

Download
USP

Implementation Guide Common Criteria for Software and Embedded Products

Common Criteria Implementation guide | White Paper

Download
USP

Industrial Products Standard and

What are the best options for your products?

Download
USP

Consumer IoT Standards and Certification

What are the best options for your products?

Download

More Information

Would you like to learn more about our Common Criteria Certification Services? Please fill out the form below, and we will contact you within one business day.

USP

Related Services

BSPA

Article image

Use our BSPA Assessment Service to demontrate compliance of your products against the Dutch BIO Framework (Baseline Informatiebeveiliging Overheid).

Industrial Products | Testing & Certification

Article image

Industrial Control Systems (ICS) are crucial in critical infrastructures like nuclear plants, oil & gas industry, transportation, chemicals processing, and other process industries.

Medical Devices | Testing & Certification

Article image

Have your medical devices tested and certified against international standards like IEC 62443, UL 2900 and Common Criteria with Secura's IoT cybersecurity services.

Automotive | Testing & Certification

Article image

Discover how to comply with UNECE R155/R156 as an Automotive manufacturer or supplier. Our comprehensive services cover pre-audits, regulation audits, and workshops, helping you achieve full compliance.

ABOUT SECURA

Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.