Dirk-Jan Out, CEO of Brightsight, was co-creator of the Common Criteria and CEM and was involved in the establishment of several security schemes. His focus is on improving the time-to-market of CC, payment and IoT security evaluations.

Common Criteria (ISO/IEC 15408) is the most widely recognised and comprehensive IT security standard in the world, and can be used to certify any IT system or device providing security functions. More than 25 countries participate in the mutual recognition of CC certificationSome countries specifically require a CC certificate before a product launch. A Common Criteria certification for IC/smart card products is usually required for the application of these products in national identification documents (e-Passport, national ID card) and other general-purpose usages. 

Brightsight offers security evaluation based on the CC requirements under internationally recognised CC certification bodies (e.g. NSCIB, Sertit, SOGIS, TSE). We have an approach for the Dutch and Norwegian schemes to support developers in creating dedicated documentation, making maximum reuse of existing documentation without losing quality. 
Common Criteria certifications include:
  • NSCIB: Netherlands Scheme for Certification in the Area of IT Security (The Netherlands)
  • SERTIT: Certification Authority for IT Security (Norway)
  • CCN: Centro Criptol√≥gico National (Spain)
  • eIDAS: Electronic ID and Signature
  • Common.Secc
  • TSE: Turkish Standards Institution (Turkey)
  • DTSec
  • FAST: FeliCa Approval for Security and Trust
  • NITES
  • CCRA
  • SOGIS: Evaluations of general IT security products up to EAL4, evaluations of hardware devices with security boxes, smartcards and similar devices up to EAL7
  • Cyber Security Agency of Singapore
  • Mifare
  • SESIP


FORMAL EVALUATION
A formal evaluation is a Common Criteria, EMVCo, or payment-brand-specific evaluation with the involvement of a Common Criteria, EMVCo or payment brand certification body.


Brightsight can support you at any stage of the development process. We have a proven concept and track record in helping our customers get certifications while minimising risks, overall costs, evaluation time and time to market.

BRIGHTSIGHT CERTIFICATE
If you do not require an internationally recognised certificate, Brightsight can also provide you with an evaluation based on CC methodology resulting in a Brightsight Certificate. We can provide support at any stage of the development process and have a strong track record in supporting customers throughout a certification processes. Our customised CC training courses include:
  • Smart card security training
  • CC training
  • CC evidence and documents training

Read the latest CC news here