Common Criteria security evaluation
Common Criteria (ISO/IEC 15408) is the most widely recognised and comprehensive IT security standard in the world, and can be used to certify any IT system or device providing security functions. More than 25 countries participate in the mutual recognition of Common Criteria certification. Some countries specifically require a CC certificate before a product launch. A Common Criteria certification for IC/smart card products is usually required for the application of these products in national identification documents (e-Passport, national ID card) and other general-purpose usages.
Brightsight offers security evaluation based on the Common Criteria requirements under internationally recognised Common Criteria certification bodies (e.g. NSCIB, Sertit, SOGIS, TSE). We have an approach for the Dutch and Norwegian schemes to support developers in creating dedicated documentation, making maximum reuse of existing documentation without losing quality.
Common Criteria certifications include:
- NSCIB: Netherlands Scheme for Certification in the Area of IT Security (The Netherlands)
- BSI: Bundesamt für Sicherheit in der Informationstechnologie (Germany)
- SERTIT: Certification Authority for IT Security (Norway)
- CCN: Centro Criptológico National (Spain)
- eIDAS: Electronic ID and Signature
- Common.Secc
- TSE: Turkish Standards Institution (Turkey)
- DTSec
- FAST: FeliCa Approval for Security and Trust
- NITES
- CCRA
- SOGIS: Evaluations of general IT security products up to EAL4, evaluations of hardware devices with security boxes, smartcards and similar devices up to EAL7
- Cyber Security Agency of Singapore
- Mifare
- SESIP
Formal evaluation
A formal evaluation is a Common Criteria, EMVCo, or payment-brand-specific evaluation with the involvement of a Common Criteria, EMVCo or payment brand certification body.
Brightsight can support you at any stage of the development process. We have a proven concept and track record in helping our customers get certifications while minimising risks, overall costs, evaluation time and time to market.
Brightsight certificate
If you do not require an internationally recognised certificate, Brightsight can also provide you with an evaluation based on Common Criteria methodology resulting in a Brightsight Certificate. We can provide support at any stage of the development process and have a strong track record in supporting customers throughout a certification processes. Our customised Common Criteria training courses include:
- Smart card security training
- Common Criteria training
- Common Criteria evidence and documents training
