Solution: Common Criteria | ISO/IEC 15408

Thomas Doms

TÜV AUSTRIA-Platz 1, 2345 Brunn am Gebirge, Austria

+43 5 0454 6313

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

Product safety: Common Criteria (ISO/IEC 15408)

Certification procedure

  1. Planning
  2. Document review
  3. On-site visit
  4. Testing
  5. ETR & CR
  6. Conclusion & certificate

"Show that your product meets required security levels: Comprehensive evaluation identifies areas for improvement, globally recognized certification."

Common Criteria (ISO/IEC 15408)

Common Criteria (ISO/IEC 15408) is one of the most comprehensive and complex standards dealing with product security. Common Criteria certification is a globally recognized proof of a product’s security properties.

Advantages

  • Show your customers and business partners that your product meets the required security level.
  • Comprehensive evaluation reports that identify areas for improvement.
  • Globally recognized certification.
  • Lower costs and higher efficiency compared to European evaluation facilities.

Introduction of Common Criteria

The Common Criteria for Information Technology Security Evaluation (CC) and the associated Common Methodology for Information Technology Security Evaluation (CEM) are the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA), which ensures that:

  • Products can be evaluated by competent and independent licensed laboratories to determine compliance with certain security characteristics, to a certain extent or degree of assurance.
  • Supporting documents are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied in the certification of specific technologies.
  • Certification of the security properties of an evaluated product can be issued by a number of certification bodies, and this certification is based on the outcome of their evaluation.

These certificates are recognized by all signatories of the CCRA.

1. Common Criteria approach

  • Training workshop on the Common Criteria
    • General Model
    • Components for security functions and assurance
    • Protection Profiles
  • Scoping of the Target of Evaluation (TOE)
    • Analysis of the components of the target product
    • Optimization of the scope of the product for evaluation
  • Gap Analysis
    • Analysis of the current situation of the product
    • Analysis of the current situation of the site and process
    • Report on gap analysis
  • Consulting for the preparation of the Security Target (ST)
    • Interpretation of the requirements of the ST
    • Demo of each part of the ST
    • Lead and review the ST of the customer

2. Prepare evaluation certificates

  • Common Criteria Documentation Workshop
    • CC required documentation in each class
    • How to write documents in CC
  • Advice on how to meet security requirements and improve security features
    • Analysis of the functional security requirements of the TOE.
    • Review and improvement of security features
  • Advice on establishing a secure development process and product life-cycle management
    • Analysis of process and life cycle management
    • Improvement of security controls
  • Consultation to increase on-site security
    • On-site audit of development sites
    • Findings and suggestions for site security

3. Evaluation object

  • Documentation review and feedback
    • Rapid review of documents and immediate feedback
    • Detailed review of documents and formal comments
  • Vulnerability analysis and penetration testing
    • Vulnerability analysis based on different levels of attack potentials
    • Actual penetration testing of attack potentials
  • Evaluation of observation reports
    • CB approved observation reports for each class
    • Explanation of the observation reports

4. Certification

  • Evaluation Technical Report to Certification Body
    • Prepare final technical evaluation report (ETR).
    • Have ETR approved by CB
  • Assist with certification body’s certification process
    • Multiple meetings with CB during various phases of the evaluation process.
    • Procedures of the certification process
