Successful certification to Common Criteria

Take advantage of our concentrated CC expert knowledge

Common Criteria (CC) – worldwide catalogue of criteria for IT security

The "Common Criteria for Information Technology Security Evaluation" are a uniform international standard to guarantee a high level of IT security. In practice, the trustworthiness requirements are summarised in the so-called Evaluation Assurance Level (EAL) and, depending on circumstances, evaluated in a 7-stage security model (from EAL 1 = functionally tested to EAL 7 = formally verified development and tested). Defined evaluation methods and documentation are used to test and assess the security of IT systems, products and applications.

The benefit for you: achelos helps ensure efficient evaluation and certification

The experts at achelos have the specific expertise needed to actively support customers from a very wide range of sectors in every project phase. This lets you complete the CC evaluation securely and efficiently and receive a CC certificate for your product.

CC expertise for every project phase

We provide manufacturers and managers responsible for products, systems and applications with full-scope support throughout the entire Common Criteria process: from the application, through development and production, all the way up to security-relevant tests. achelos is manufacturer-neutral and works closely with certification and accredited testing bodies in the field of evaluation. With achelos, your CC project will be a success.

Achieve your CC project with achelos

achelos services for demonstrable quality in line with Common Criteria

Consulting and stocktaking

  • Analysis and specification of product and security requirements (security target: ASE, cryptographic mechanisms)
  • Consulting on the application process to receive certification
    • Selection of the testing body
    • Negotiation with the testing body
    • Drafting a timetable
  • Provision of qualified bases for reaching decisions
    • Feasibility studies
    • Cost calculations
    • Security requirements specifications
    • Service delimitations
    • Offers
  • Selection and commissioning of a testing center (evaluator)
  • Filling out an application form
  • Drafting the accompanying documentation
  • Security concepts for development and production locations
  • Hardware security concept

Support and guidance during site visits (audits)

  • Professional preparation through internal training sessions and simulated audits
  • Support from achelos during the audit by the testing/certification body, for efficient certification
  • Audit follow-up work 

Product development at CC level (EAL 1 – EAL 7)

  • Support for, or complete takeover of, the development process, including architecture, design and implementation in CC-compliant rooms

We have all CC components under control for you

Test management

  • Consulting and support for CC-compliant testing
  • Drafting test specifications
  • Implementation and execution of the tests
  • Automated test runs
  • Logging and fault analysis

Drafting the CC documentation as per EAL level

  • Security Target (ASE)
  • Development (ADV)
  • Test (ATE)
  • Vulnerability analysis (AVA)
  • Guidance documentation (AGD)
  • Processes, tools and site security (ALC)

Project management and technical coordination between product manufacturers, production, testing center and certification body

  • For complete or partial processes
  • At the technical level 

Training sessions and workshops

  • General CC training (introduction to Common Criteria)
  • Introduction to drafting CC documentation
  • Explanation of the CC security criteria
  • CC aspects of software development and testing

Common Criteria references

CC evaluation: development, testing and documentation

  • Electronic health card (eGK)
  • Digital tachograph
  • Electronic ID cards
  • eHealth card terminal
  • HSM (hardware security module)

CC consulting, documentation and evaluation

  • CC evaluation of Smart Meter Gateways, signature application components, network and application connectors
  • CC documentation for a customer-specific production site
  • Consulting and analysis for establishing and implementing a Public Key Infrastructure (PKI) in the field of smart metering

Provision of test environments and simulators for

  • Electronic health cards (eGK)
  • eHealth card terminal
  • New German ID card (nPA)

Provision of test suites for the product groups

  • Electronic health cards (eGK)
  • eHealth card terminal (mobile and standard)
  • eHealth connector
  • eHealth primary system
  • TLS and IKE/IPsec (security test suite)
  • nPA conformity tests
  • Java Card Security (JC inspector)

Common Criteria expertise and experience

For every project phase

  • Team of CC-trained experts
  • Professional CC consulting, project support and drafting of the necessary CC documentation by experts at achelos
  • Extensive expertise and many years of practical experience in development, testing and CC evaluation
  • Specialist knowledge in security-critical segments with legal stipulations, including eHealth, eEnergy, eID
  • Tried-and-tested cooperation with various evaluators, testing centers and certification bodies, such as the German Federal Office for Information Security (BSI)
  • Qumate.Testcenter: test platform developed by achelos for CC support
  • Development of test suites for ATE and AVA on the basis of the Qumate.Testcenter (e.g. TLS, IKE/IPsec)

Thomas Freitag

Technical Director

Phone:
+49 5251 14212-304