CC - discovered, explained
Common Criteria (CC) is a state-run certification system; in Germany, the Federal Office for Information Security (BSI) acts as its certification body. Through the Arrangement on the Recognition of Common Criteria Certificates (CCRA), the certificates are recognised in 31 countries.
The CC provides a methodology and a catalogue of security functional requirements (SFRs) and security assurance requirements (SARs), which are used to describe the functionality and assurance of the product to be tested. Trustworthiness is described in 7 levels, Evaluation Assurance Level (EAL) 1 to 7, which, among other things, reflect the vulnerability to different attacker capabilities and the corresponding test depths. This also makes certifications issued under the different schemes comparable.
In 2024, the EU and ENISA adopted the CC at European level as the EUCC, a cybersecurity certification system under the Cybersecurity Act (CSA).
TÜVIT is one of the world's leading testing service providers for Common Criteria (CC) and is authorised to carry out tests according to a total of 5 different country schemes. With our 60 licensed testers, we have successfully completed over 700 evaluation projects according to CC (from EAL1 to EAL7). We have been supporting customers in the evaluation of IT components, products and systems since 1991, enabling us to offer you the best evaluation approach in each case.
TÜVIT has been recognised by the German Federal Office for Information Security (BSI) as a test centre for security evaluations in accordance with the international Common Criteria standard (ISO 15408) since 1991. In addition, the TÜVIT security experts develop protection profiles on behalf of the BSI and other interest groups, e.g. in the areas of biometric systems, eHealth, database management systems and smart metering.
In addition to CC certification in Germany by the BSI, TÜVIT also offers the option of completing CC certification in Japan (JISEC), Singapore (SCCS), Qatar (QCCS) or the Netherlands (NSCIB).
EUCC stands for "European Union Common Criteria" and refers to a framework for assessing and certifying the security of IT products. The EUCC is part of the European Union's efforts to create uniform security standards for IT products used within the EU. This should help to increase confidence in the security of IT products and improve interoperability between different systems. EUCC certification can be beneficial for manufacturers of IT products as it facilitates access to markets within the EU and increases customer confidence in the security of their products.