Getting Common Criteria certification for your product

I need a certification for my telecommunication and network product

Telecommunication and network products are mainly certified through the Common Criteria (CC). Brightsight offers CC evaluations based on a certified Protection Profile, cPP (collaborative Protection Profile) or dedicated Security Targets.

Fields of expertise

  • Telecom
  • Network
  • Access Control

Some of our customers

  • Cisco
  • Huawei
  • Safenet
  • ZTE

The process of getting a certificate

Common Criteria (CC) certification

The most recognized and comprehensive IT security standard in the world that can be used to certify any IT system or device providing security functions. More than 25 countries are participating in the mutual recognition of CC certification. Some countries specifically require a CC certificate before it can be purchased. Often a security level of EAL2 or EAL3 is used for telecommunication products.

Customised training

  • CC training
  • CC evidence and documents training

Creating dedicated documentation

Brightsight has an approach for the Dutch and Norwegian schemes to support developers in creating dedicated documentation where making maximum re-use of existing documentation without losing quality.

Pre-evaluation

  • Design and/or code review
    Identify major weaknesses in the security architecture of the telecommunication product in an early stage.
  • Document review
    Verify the completeness in content, presentation and readability of CC evidence.
  • Pre-testing
    Perform a pre-defined set of penetration tests.
  • Site pre-audit
    Explore the possible gap between the current security level of a development or production site and the requirements in an evaluation.

Security evaluation

Brightsight offers security evaluation based on the CC requirements under one of the five internationally recognised CC certification bodies (BSI, NSCIB, Sertit, IPA, TSE).

Brightsight certificate

If an internationally recognized certificate is not required, Brightsight can also provide an evaluation based on CC methodology resulting in a Brightsight Certificate.

The approach is shown in the figure on a time axes. Brightsight is able to provide support at any stage of the development and has a successful track record in supporting getting customers through a certification process.