Common Criteria

Common Criteria (ISO/IEC 15408) is the most widely recognised and comprehensive IT security standard in the world, and can be used to certify any IT system or device providing security functions. More than 25 countries participate in the mutual recognition of CC certificationSome countries specifically require a CC certificate before a product launch. A Common Criteria certification for IC/smart card products is usually required for the application of these products in national identification documents (e-Passport, national ID card) and other general-purpose usages. 

SGS Brightsight offers security evaluation based on the CC requirements under internationally recognised CC certification bodies (e.g. NSCIB, Sertit, SOGIS, TSE). We have an approach for the Dutch and Norwegian schemes to support developers in creating dedicated documentation, making maximum reuse of existing documentation without losing quality. 
Common Criteria certifications include:
  • NSCIB: Netherlands Scheme for Certification in the Area of IT Security (The Netherlands)
  • BSI: Bundesamt für Sicherheit in der Informationstechnologie (Germany)
  • SERTIT: Certification Authority for IT Security (Norway)
  • CCN: Centro Criptológico National (Spain)
  • eIDAS: Electronic ID and Signature
  • Common.Secc
  • TSE: Turkish Standards Institution (Turkey)
  • DTSec
  • FAST: FeliCa Approval for Security and Trust
  • CCRA
  • SOGIS: Evaluations of general IT security products up to EAL4, evaluations of hardware devices with security boxes, smartcards and similar devices up to EAL7
  • Cyber Security Agency of Singapore
  • Mifare

A formal evaluation is a Common Criteria, EMVCo, or payment-brand-specific evaluation with the involvement of a Common Criteria, EMVCo or payment brand certification body.

SGS Brightsight can support you at any stage of the development process. We have a proven concept and track record in helping our customers get certifications while minimising risks, overall costs, evaluation time and time to market.

If you do not require an internationally recognised certificate, SGS Brightsight can also provide you with an evaluation based on CC methodology resulting in a SGS Brightsight Certificate. We can provide support at any stage of the development process and have a strong track record in supporting customers throughout a certification processes. Our customised CC training courses include:
  • Smart card security training
  • CC training
  • CC evidence and documents training