Common Criteria: evaluation for successful certification

TÜVIT is one of the world's leading testing service providers for Common Criteria (CC) and is authorized to perform evaluations according to a total of 5 different country schemes. With our 60 licensed evaluators, we have successfully completed over 700 evaluation projects according to CC (from EAL1 to EAL7). We have been assisting customers in the evaluation of their IT components, products, and systems since 1991. As a result, we are able to offer you the best evaluation approach in each case.


Competence and experience since 1991

TÜVIT is recognized by the German Federal Office for Information Security (BSI) as an evaluation body for IT security according to the international Common Criteria Standard (ISO 15408) since 1991. Furthermore, the TÜVIT security experts develop protection profiles on behalf of the BSI and other interest groups, e.g. in the field of biometric systems, eHealth, database management systems and smart metering.

In addition to the CC certification in Germany by the BSI, TÜVIT also offers the possibility of completing certification in Japan (JISEC), Singapore (SCCS), Qatar (QCCS) or the Netherlands (NSCIB). 

Our services at a glance

  • CC evaluations of IT components and products in all evaluation levels (EAL1 to EAL7)
  • site certifications
  • development and evaluation of protection profiles
  • support for the preparation of security specifications and manufacturer´s documentation
  • workshops on the security criteria and the evaluation scope
  • review of possible evaluation procedures
  • conduct of trainings, including training in criteria and threat situations

Our evaluation body covers the following topics

  • combined systems, e.g. hardware platforms, operating systems and applications
  • communication systems
  • database management systems
  • government applications (e.g. passport, identity card, eHealth)
  • mobile systems, e.g. smartphones
  • network devices (e.g. firewalls, VPN solutions, routers)
  • operating systems
  • payment systems (smartcard components), software and hardware evaluations
  • security controller
  • security modules
  • signature cards, terminals and applications
  • smartcard operating systems
  • smart meter gateways (with conformity test for TR-03109)
  • smartcard terminals (eHealth and payment)

Your benefits at a glance

  • we have more than 25 years of experience with globally recognized evaluations of security-critical IT components, products and systems; as a result, we are able to offer you the best evaluation approach in each case
  • unique scoping workshop concept to identify your business goals and ways to achieve them
  • evaluation services e.g. in English, German, Spanish, Chinese and Japanese
  • evaluation of hardware and software products with highest vulnerability assessment level (AVA_VAN.5)
  • evaluations and certifications help to minimize security risks
  • with our evaluations based on Common Criteria, you provide proof of the required security features of your IT components, products and systems
  • an evaluation according to Common Criteria offers you international advantages, as the standard is recognized worldwide

Project examples

We have successfully completed more than 600 evaluation projects according to CC (from EAL1 to EAL7), including

  • Microsoft Corporation, USA
    • SQL Server (EAL4+)
    • Exchange Server (EAL4+)
  • SAP AG, Germany
    • NetWeaver (EAL4+)
    • ABAP Application Server (EAL4+)

Other clients such as the German Federal Printing Office, the BSI, Huawei, Hitachi-Omron, Infineon, NXP, Oracle, Samsung, Panasonic or T-Systems place their trust in the skills of TÜVIT.

Marc Le GuinDirector Evaluation Body for IT Security

Tel.: +49 201 8999 639

Further services