Common Criteria (ISO/IEC 15408:2022) is the most widely recognised and comprehensive IT security standard in the world that can be used to certify any IT system or device providing security functions. More than 25 countries participate in the mutual recognition of Common Criteria certification. Some countries specifically require a CC certificate before a product launch. A Common Criteria certification for IC/smart card products is usually required for the application of these products in national identification documents (e-Passport, national ID card) and other general-purpose usages.
Brightsight offers security evaluation based on the Common Criteria requirements under internationally recognised SOGIS Common Criteria certification bodies (e.g. NSCIB, BSI, CCN, Sertit, TSE, CSA) and EUCC certification bodies. We have an approach for several schemes to support developers in creating dedicated documentation and making maximum reuse of existing documentation without losing quality.
EUCC
As of February 2025, the EUCC has replaced the European SOGIS schemes with a transition period ending on 27 February 2026.

Brightsight is licensed as an IT Security Evaluation Facility (ITSEF) under the European Cybersecurity Act (CSA) legislation by the Dutch Authority for Digital Infrastructure, Rijksinspectie Digitale Infrastructuur (RDI), in its role as National Cybersecurity Certification Authority (NCCA).

This means all five licensed European laboratories of Brightsight (located in Delft, Barcelona, Madrid, Graz, Meyreuil) are authorized to perform security evaluations of IT products as independent test labs under the EU Cybersecurity Certification Scheme on Common Criteria (EUCC) at the assurance levels Substantial and High for all technical domains.
Common Criteria certifications include:
NSCIB: Netherlands Scheme for Certification in the Area of IT Security (The Netherlands)
BSI: Bundesamt für Sicherheit in der Informationstechnologie (Germany)
SERTIT: Certification Authority for IT Security (Norway)
CCN: Centro Criptológico Nacional (Spain)
eIDAS: Electronic ID and Signature
Common.Secc
TSE: Turkish Standards Institution (Turkey)
DTSec
FAST: FeliCa Approval for Security and Trust
NITES
CCRA
SOGIS: Evaluations of general IT security products up to EAL4, evaluations of hardware devices with security boxes, smartcards and similar devices up to EAL7
Mifare
Formal evaluation
A formal evaluation is a Common Criteria, EMVCo, or payment-brand-specific evaluation with the involvement of a Common Criteria, EMVCo or payment brand certification body.
Brightsight can support you at any stage of the development process. We have a proven concept and track record in helping our customers get certifications while minimising risks, overall costs, evaluation time and time to market.
Brightsight certificate
If you do not require an internationally recognised certificate, Brightsight can also provide you with an evaluation based on Common Criteria methodology resulting in a Brightsight Certificate.
Training
Our customized Common Criteria training includes:
- Smart card security training
- Common Criteria training
- Common Criteria evidence and documents training






