Common Criteria: evaluation and consulting for successful certification

TÜViT is one of the world's leading testing service providers for Common Criteria (CC) and is authorized to perform evaluations according to a total of 5 different country schemes. With our 50 licensed evaluators, we have successfully completed over 600 evaluation projects according to CC (from EAL1 to EAL7). We have been assisting customers in the evaluation of their IT components, products, and systems since 1991. As a result, we are able to offer you the best evaluation approach in each case.


Competence and experience since 1991

TÜViT has been recognized by the German Federal Office for Information Security (BSI) as an evaluation body for IT security according to the international Common Criteria standard (ISO 15408) since 1991. Furthermore, the TÜViT security experts develop protection profiles on behalf of the BSI and other interest groups, e.g. in the fields of biometric systems, eHealth, database management systems and smart metering.

In addition to the CC certification in Germany by the BSI, TÜViT also offers the possibility of completing certification in Japan (JISEC), Singapore (SCCS), Qatar (QCCS) or the Netherlands (NSCIB). 

Our services at a glance

  • CC evaluations of IT components and products in all evaluation levels (EAL1 to EAL7)
  • site certifications
  • development and evaluation of protection profiles
  • support for the preparation of security specifications and manufacturer's documentation
  • workshops on the security criteria and the evaluation scope
  • consulting on evaluation processes / consulting packages
  • training courses, including training in criteria and threat situations

Our evaluation body covers the following topics

  • combined systems, e.g. hardware platforms, operating systems and applications
  • communication systems
  • database management systems
  • government applications (e.g. passport, identity card, eHealth)
  • mobile systems, e.g. smartphones
  • network devices (e.g. firewalls, VPN solutions, routers)
  • operating systems
  • payment systems (smartcard components), software and hardware evaluations
  • security controllers
  • security modules
  • signature cards, terminals and applications
  • smartcard operating systems
  • smart meter gateways (with conformity test for TR-03109)
  • smartcard terminals (eHealth and payment)

Your benefits at a glance

  • we have more than 25 years of experience with globally recognized evaluations of security-critical IT components, products and systems; as a result, we are able to offer you the best evaluation approach in each case
  • unique scoping workshop concept to identify your business goals and ways to achieve them
  • support for consulting and evaluation services e.g. in English, German, Spanish, Chinese and Japanese
  • evaluation of hardware and software products with highest vulnerability assessment level (AVA_VAN.5)
  • evaluations and certifications help to minimize security risks
  • with our evaluations based on Common Criteria, you provide proof of the required security features of your IT components, products and systems
  • an evaluation according to Common Criteria offers you international advantages, as the standard is recognized worldwide

Project examples

We have successfully completed more than 600 evaluation projects according to CC (from EAL1 to EAL7), including

  • Microsoft Corporation, USA
    • SQL Server (EAL4+)
    • Exchange Server (EAL4+)
  • SAP AG, Germany
    • NetWeaver (EAL4+)
    • ABAP Application Server (EAL4+)

Other clients such as the German Federal Printing Office, the BSI, Huawei, Hitachi-Omron, Infineon, NXP, Oracle, Samsung, Panasonic or T-Systems place their trust in the skills of TÜViT.

Marc Le Guin

Director Evaluation Body for IT Security

+49 201 8999 639

Further services

Evaluation Body for IT Security

With its evaluation body for IT security, TÜViT is one of the world's leading providers of testing services for IT products and systems. The evaluation body has been recognized by the German Federal Office for Information Security (BSI) since 1991 and accredited by the DAkkS, the German Accreditation Body, according to DIN EN ISO/IEC 17025.


Hardware tests for more security: Hardware security modules or chip cards are used for the protection of sensitive data. TÜViT evaluates these IT products and their components in accordance with recognized international security standards and performs the necessary penetration tests in its own hardware test laboratory.


Making software subsequently secure is always complicated and expensive. This is why it is important to consider the subject of IT security at the beginning and throughout the entire life cycle within the framework of a Common Criteria (CC) evaluation.

Site Certification

Audit of development and production environments: If IT products are certified in accordance with the Common Criteria IT security standard or EMVCo, audits of development and production environments represent an integral part of the evaluation process. For many years now, TÜViT has been successfully carrying out site audits for production and development environments.

Technical Guidelines of the BSI

Security for government applications and health data: TÜViT is recognized by the German Federal Office for Information Security (BSI) as an evaluation body for Technical Guidelines (TR).

FIPS 140-3

Testing of crypto modules and crypto algorithms: The TÜViT test laboratory is approved by the National Institute of Standards and Technology (NIST, USA) for testing and validation according to FIPS PUB 140-3.

Electronic Payments

Components that are used within electronic payment systems must fulfil specific security standards and require corresponding approvals. TÜViT performs these approval procedures in its capacity as an accredited security assessor.


The FIDO Alliance has developed open standards especially for authentication solutions, allowing manufacturers to objectively demonstrate the security of their products. As a security laboratory accredited by the FIDO Alliance, TÜViT is entitled to perform corresponding evaluations.


TÜViT carries out security assessments throughout the entire product life cycle process in accordance with the NESAS standard. This enables us to offer network equipment manufacturers a complete audit and testing portfolio from a single source.