Making software subsequently secure is always complicated and expensive. This is why it is important to consider the subject of IT security at the beginning and throughout the entire life cycle within the framework of a Common Criteria (CC) evaluation. TÜViT has been evaluating (embedded) software since 1991. We are recognized by the German Federal Office for Information Security (BSI), in the Japanese Certification Scheme as well as in the Singapore Common Criteria Scheme (SCCS) as an evaluation body for Common Criteria.
Experts with practical experience
Common Criteria (ISO 15408) are among the authoritative international IT security standards. TÜViT is one of the world's leading testing service providers for Common Criteria (CC). With our 50 licensed evaluators, we have successfully completed over 600 evaluation projects according to CC (from EAL1 to EAL7). Our IT security experts have been trained and licensed by the BSI regarding the CC criteria. They also undergo an internal TÜViT training program in order to build up their practical experience. In this way, TÜViT provides specialists with a high level of practical expertise and an evaluation approach that delivers results which are not only of a high quality, but also economical.
In addition to the CC certification in Germany through the BSI, TÜViT also offers the possibility of completing certification in Japan or Singapore. In Japan this is performed by the Information Technology Promotion Agency (IPA), in Singapore by the Cyber Security Agency of Singapore (CSA).
Our services at a glance
- CC evaluations of IT components and products in all evaluation stages
- site certifications
- development and evaluation of protection profiles
- support for the preparation of security specifications and evidence documentation
- workshops on the security criteria and the scope of the evaluation
- consulting on evaluation processes / consulting packages
- conduct of trainings, including training in criteria and attack methods
Our evaluation body covers the following topics
- operating systems
- security controller
- smartcard operating systems
- database management systems
- network devices (e.g. firewalls, VPN solutions, routers)
- payment systems (smartcard components), software and hardware evaluations
- mobile systems, e.g. smartphones
- communication systems
- smart meter gateways (with conformity test for TR-03109)
- signature applications
- smartcard terminals
- security modules
- government applications (e.g. passport, identity card, eHealth)
- combined systems, e.g. operating systems and applications
Your benefits at a glance
- we have more than 25 years of experience with globally recognized evaluations of software and security-critical IT products; as a result, we are able to offer you the best evaluation approach in each case
- you can benefit from the know-how and diligence of one of the leading testing services providers for IT security
- evaluations and certifications help to minimize security risks and improve internal processes
- with our evaluations based on Common Criteria, you provide proof of the required security features of your software and IT products and therefore enjoy a market advantage
We have successfully completed more than 600 evaluation projects according to CC (from EAL1 to EAL7), including
- Microsoft Corporation, USA
- SQL Server (EAL4+)
- Exchange Server (EAL4+)
- SAP AG, Germany
- NetWeaver (EAL4+)
- ABAP Application Server (EAL4+)
- Oracle America, Inc.
- Java Card Operating System
- Payment Applications
- Gemalto S.A.
- Smart Card Operating Systems eHealth
- Payment Applications
Other clients such as Atos, Bundesdruckerei, the BSI, Cherry, Huawei, Hitachi-Omron, Infineon, Ingenico, NXP, Samsung, Panasonic, ZF or T-Systems place their trust in the skills and experience of TÜViT.