  • Meet NATO Information Assurance and NIAPC requirements with Common Criteria

    We support cybersecurity and technology vendors in preparing Common Criteria–based evaluations aligned with NATO Information Assurance and NIAPC expectations.

    Trusted by defense & high-security industries

    End-to-end evaluation and certification support

    Work with experts cleared for classified and high-assurance projects


Why NATO requires cybersecurity assurance and certification

NATO operates in one of the most demanding security environments in the world. Every product, system, or technology integrated into allied operations must meet strict cybersecurity requirements to protect classified information, ensure interoperability between member nations, and safeguard critical defense infrastructure from increasingly sophisticated threats.

Cybersecurity certification is not optional — it is a mandatory gateway. It provides the independent assurance that NATO and its member states need to trust a product before it can be procured, deployed, or connected to sensitive networks. Without recognized certification, even the most innovative solutions cannot enter the NATO ecosystem.

NATO Information Assurance requirements are implemented through a combination of technical evaluation frameworks, NATO‑defined policies, and national certification schemes:

Common Criteria (ISO/IEC 15408)

Common Criteria forms the foundation of cybersecurity evaluation for NATO Information Assurance. It provides a harmonised, internationally recognised framework for assessing security functionality and assurance levels across NATO member nations.

Information Assurance requirements defined by NCIA

Policies and requirements defined by the NATO Communications and Information Agency (NCIA) set Information Assurance expectations for NATO systems and guide how security evaluation results are interpreted and applied within NATO environments.

National certification schemes within NATO member states

National certification schemes issue certification decisions based on recognised evaluation results, enabling consistent trust and recognition across NATO member nations.

Common Criteria as the foundation for NATO Information Assurance

NATO and national defense systems rely on trusted technologies to protect classified information and mission‑critical infrastructure. To ensure interoperability and security across allied nations, products must undergo independent evaluation against internationally recognised standards. 

NATO Information Assurance (NIA) requirements define how products must be evaluated and approved for use in NATO and national defense environments. NIA requirements are based on Common Criteria (ISO/IEC 15408), the internationally recognised evaluation framework used to support NATO product approval, inclusion in the NATO Information Assurance Product Catalogue (NIAPC), and national security accreditation processes. Products included in the NIAPC must be supported by recognised Common Criteria evaluation results, or by evaluation results from alternative schemes that are formally aligned with or mapped to Common Criteria.

As a Common Criteria evaluation laboratory, Brightsight supports vendors in aligning their evaluations with NATO Information Assurance and NIAPC requirements, including Protection Profiles, Security Targets, and Assurance Levels relevant to NATO use cases.

Common Criteria is the recognised evaluation framework that serves as the foundation for NATO Information Assurance requirements.

The NATO Information Assurance Product Catalogue (NIAPC)

The NATO Information Assurance Product Catalogue (NIAPC) serves as a reference catalogue for NATO nations and NATO civil and military bodies. It lists Information Assurance (IA) products that have been evaluated in support of NATO operational requirements and are deployed or available for procurement within NATO environments.

NIAPC acts as the authoritative central register of Security Enforcing Products (SEP), supporting NATO Information Assurance requirements and associated activities to introduce and operationalize new systems, solutions, and commercial security products for the handling of NATO information.

Accessing NATO environments is complex. Certification is mandatory.

Having products considered for NATO and national defense procurement is not just about innovation. You need to prove that your product is:

Secure

Meeting rigorous Information Assurance requirements, including Common Criteria

Independently evaluated

Using recognised international evaluation frameworks

Trusted

By national authorities within NATO member nations

Without the right expertise, navigating Common Criteria–based evaluation and NATO requirements can be slow, costly, and high‑risk.

We guide you from concept to NATO-aligned security evaluation

Brightsight is an accredited Common Criteria IT Security Evaluation Facility (ITSEF) supporting companies in navigating security evaluation and certification pathways aligned with NATO Information Assurance requirements.

Accredited Common Criteria ITSEF

Internationally recognised evaluation facility for IT security products

Beyond testing — independent evaluation

Through recognised international evaluation frameworks, including Common Criteria


Is this relevant to your product?

We support companies developing products that require independent security evaluation for use in high‑assurance and defense environments, including NATO contexts.

Cryptographic products

Products performing encryption, key management, or cryptographic functions are subject to the highest level of assurance scrutiny.

   Encryption solutions
   HSMs

   Secure communication modules

   Cryptographic libraries

Requirements:

   Evaluation under Common Criteria

   Review by national cryptographic authorities

   Compliance with NATO cryptographic policies

   High assurance levels (EAL4+ and above)

Non-cryptographic cybersecurity products

Products that support cybersecurity functions without directly implementing cryptography are also subject to independent evaluation.

    Firewalls

    Operating systems

    Monitoring systems

    Secure routers

Requirements:

     Security Target definition
    Threat modelling
    Functional testing and vulnerability analysis
    Evaluation under Common Criteria

Secure Hardware & Components

Secure components form the foundation of trusted NATO systems and platforms.

    Secure elements
    
    Trusted Platform Modules (TPMs)

    Microcontrollers

    Hardware root-of-trust

Requirements:

    Hardware security testing
    Penetration testing
    Lifecycle and design analysis
    Certification aligned with Common Criteria or domain-specific schemes

If your product needs to be trusted in high‑assurance and defense environments, we can help.

Not sure where to start?

Our experts can assess your product and recommend an appropriate Common Criteria–based evaluation pathway.

How the evaluation process works

We simplify a complex evaluation process into clear steps:

01

Define your security scope

Identify the security functions and boundaries of your product.

02

Prepare certification documentation

Build the Security Target and threat model for evaluation.

03

Run independent evaluation

Undergo rigorous evaluation activities conducted by our accredited ITSEF.

04

Obtain certification decision from the relevant authority

Evaluation results are reviewed, with certification decisions issued by the relevant national authority.

05

Support consideration for NATO procurement

Certification outcomes can support consideration for use in NATO and national defense procurement contexts, subject to applicable policies and decisions.

We guide you at every step.

Why companies choose Brightsight

Proven experience in defense and space

More than 10 years of high‑assurance security evaluation projects

Experts cleared for SECRET-level projects

Security-screened specialists supporting classified work

Accredited secure laboratories

Facilities accredited to handle projects up to SECRET classification

Deep expertise in cryptography, hardware and secure systems

End‑to‑end support across the Common Criteria evaluation process

    We handle projects that many labs simply can't.

    Accredited secure facilities

    Our facilities are:

    Accredited to handle information up to SECRET classification

    Aligned with European and NATO security frameworks

    Designed for secure storage, testing, and evaluation

    What we do

    End-to-end support across three clear phases:

    PHASE 1

    De-risk early
    We identify gaps and define your certification roadmap before you invest.

    PHASE 2

    Deep technical testing

    Security evaluation activities, including penetration testing and cryptographic validation.

    PHASE 3

    Certification process support

    We work with certification bodies and support you throughout the certification process.

    Result: faster certification, lower risk, higher success rate.


    Key benefits

    Clearer path through defense market requirements

    Skip the learning curve. Our experience helps streamline preparation for NATO‑aligned procurement.

    Reduced certification risk

    Avoid costly re-evaluations with expert guidance from day one.

    Stronger credibility

    Build trust in high-security sectors through recognised security evaluation and certification.
            Turn security evaluation into a strategic competitive advantage.

            Start your NATO-aligned evaluation journey

            From concept → evaluation → NATO procurement consideration

            Whether you develop a cryptographic product, secure component, or cybersecurity solution, we support you throughout the security evaluation and certification process.

            Free initial intake

            No obligation — just expert guidance

            Response within 48 hours