We have successfully performed security evaluations on a variety of different devices over the last 15 years. These include, for example:

Application related devices

  • Applications running on middleware platforms in an IT environment containing COTS products
  • High-assurance PC protection product
  • Key generation application
  • Personal identifiers for Internet Banking
  • Anti-skimming devices for ATMs
  • USB sticks with fingerprint detector

Network related devices

  • Boundary device between classified and public domains
  • Hardware Data Diode
  • Military Security Filters and gateways
  • Network printer controller
  • VPN-firewall



These products have been evaluated against multiple sets of requirements including standards like Common Criteria and also requirements specifically tailored for customer’s needs. Sometimes it is sufficient to have a brief product evaluation (weeks) and sometimes an in-depth evaluation (months – years) provides the assurance needed. We can apply several product evaluation approaches. These approaches range from high-level document analysis to evaluations in combination with practical tests. A Common Criteria evaluation, or parts thereof, is often a useful format. In all cases, however, we bring the knowledge to ask the right security questions to evaluate the design you have. The following table gives examples of possible approaches.