Press release
Independent EUCC evaluation of a smartcard controller from Infineon underscores the role of TÜV Informationstechnik as an established testing center for complex IT security products.
TÜV Informationstechnik GmbH has made a key contribution to the practical implementation of the new European certification framework EUCC as an independent testing centre. As part of the first EUCC certification issued by the German Federal Office for Information Security (BSI), a security-critical smartcard controller from Infineon Technologies AG was comprehensively assessed in terms of security technology.
With EUCC, the European Union is establishing a binding, Europe-wide recognised certification scheme for IT products with security functionality for the first time. For manufacturers, users and public clients, this creates a consistent assessment framework that creates transparency and significantly increases the comparability of security assessments.
A key differentiating feature of the EUCC scheme is the multi-assurance concept. In addition to an overarching overall assurance level (EAL) for the entire product, this also allows the security levels of individual components - such as specific hardware modules - to be labelled separately. This approach enables a realistic and comprehensible assessment, especially for complex and modular systems such as those used in 5G infrastructures or highly integrated security solutions.
In contrast to previous procedures, which often focussed on a single evaluation level value (e.g. EAL4), multi-assurance is now increasingly being used in the EUCC procedures. The security requirements are divided into functional subgroups (sub-TSFs). Each of these sub-groups can achieve its own detailed assurance level, which is transparently stated in the certificate. This allows the security architecture of a product to be mapped in a differentiated manner instead of reducing it to a single level.
This further development of the assessment logic is specifically supported by the current Common Criteria standards (CC 2022) and the introduction of the EUCC scheme. The aim is to present the trustworthiness of ICT products in a more granular, comprehensible and therefore more reliable way - both for regulatory decisions and for market and procurement processes.
"EUCC enables a new quality of IT security assessment in Europe," explains Kartsen Herwig, Security Evaluation and Audit at TÜVIT. "As a testing body, we contribute our many years of Common Criteria expertise and support manufacturers in having complex products evaluated transparently and recognised throughout the EU."
With the successful implementation of this first EUCC test, TÜVIT is underlining its position as a competent partner for demanding certification procedures and making a concrete contribution to strengthening trust and security in European digitalisation.
TÜV Informationstechnik GmbH (headquartered in Essen, Germany) is a renowned IT security service provider and an independent testing institute and laboratory for IT security and cyber security in digitalisation. TÜVIT has been accredited worldwide since 1995 and creates trust in security measures at the level of business processes, data, applications and technologies through vulnerability analyses, audits and evaluations. TÜVIT is a powerful partner in detecting and responding to cyber attacks and ensures rapid restoration of business capability. In this way, businesses, public authorities and operators of critical infrastructures strengthen their regulatory compliance in the areas of confidentiality, integrity and availability as well as their holistic cyber resilience and IT security in the supply chain.
Together with ALTER TECHNOLOGY, TÜVIT forms the Digital & Semiconductor business unit. The business unit is a key pillar of the TÜV NORD GROUP, a knowledge company that has stood for security and trust worldwide for over 150 years. Engineers and IT security experts in more than 100 countries ensure that companies become even more successful in the networked world.
