common criteria

Successful certification according to Common Criteria

Benefit from our comprehensive Common Criteria expertise

Common Criteria (CC) – international criteria catalogue for IT security

The "Common Criteria for Information Technology Security Evaluation" represent a uniform international standard to guarantee a high level of IT security. In practice, the trustworthiness requirements are summarised in Evaluation Assurance Levels (EAL) and, depending on circumstances, evaluated on a 7-stage security model (EAL 1 = functionally tested to EAL 7 = formally verified development and tested). Defined evaluation methods and documentation are used to test and assess the security of IT systems, products, and applications.

 

achelos helps ensure efficient CC evaluation and certification

The experts at achelos have the specific know-how needed to actively support customers from a very wide range of sectors in every project phase. This way you can efficiently master the CC evaluation and successfully certify your product.

CC expertise for every project phase

We provide end-to-end support to manufacturers and developers of products, systems, and applications throughout the entire Common Criteria process: from the application, through development and production, all the way up to security-relevant tests. achelos is manufacturer-independent and works closely with accredited certification and testing authorities in the field of evaluation. With achelos, your CC project will be a success.

Achieve your CC project with achelos

achelos services for demonstrable quality in line with Common Criteria

Consulting and survey

  • Analysis and specification of product and security requirements (security target: ASE, cryptographic mechanisms)
  • Consultation on the application process to receive certification
    • Selection of the evaluation body
    • Negotiation with the evaluation body
    • Creation of a schedule
  • Provide criteria for effective decision making through:
    • Feasibility studies
    • Effort estimation
    • Security requirements specifications
    • Service delimitations
    • Offers
  • Selection and commissioning of an evaluation body
  • Completion of the application form
  • Creation of the accompanying documentation
  • Security concepts for development and production sites
  • Hardware security concept 

 

Support and guidance during site visits (audits)

  • Professional preparation through internal training sessions and simulated audits
  • Monitoring of the auditor's / certification body's audits for efficient certification
  • Follow-up of the audit 

Product development at CC level (EAL 1 – EAL 7)

  • Support for or complete takeover of the development process, including architecture, design and implementation in CC-compliant rooms

We have all CC assurance classes under control for you

Test management

  • Consulting and support for CC compliant testing
  • Preparation of the test specifications
  • Implementation and execution of the tests
  • Automated test runs
  • Logging and error analysis

 

Creation of the CC documentation as per EAL

  • Security Target (ASE)
  • Development (ADV)
  • Test (ATE)
  • Vulnerability analysis (AVA)
  • Guidance documentation (AGD)
  • Processes, tools, and site security (ALC)

 

Project management and technical coordination between product manufacturers, production, evaluation body, and certification body

  • For whole or partial processes
  • At technical level 

Trainings and workshops

  • General CC training (introduction to Common Criteria)
  • Introduction to creation of CC documentation
  • Explanation of the CC security criteria
  • CC aspects for software development and testing

Common Criteria references

CC evaluation: development, testing and documentation

  • German electronic health card (eGK)
  • Digital tachograph
  • Electronic ID cards
  • eHealth card terminal
  • HSM (Hardware Security Module)

 

CC consulting, documentation and evaluation

  • CC evaluation of Smart Meter Gateways, signature application components, network and application connectors
  • CC documentation for a customer-specific production site
  • Consulting and analysis for establishing and implementing a Public Key Infrastructure (PKI) in the field of smart metering

 

Provision of test environments and simulators for

  • German electronic health cards (eGK)
  • eHealth card terminal
  • Electronic ID cards

 

Provision of test suites for the product groups

  • German electronic health cards (eGK)
  • eHealth card terminal (mobile and standard)
  • German eHealth Konnector
  • German eHealth primary system
  • TLS and IKE/IPsec (security test suite)
  • Compliance tests for eID cards
  • Java Card Security (JC inspector)

Common Criteria expertise and experience

For every project phase

  • Team of CC-trained experts
  • Professional CC consulting, project support and preparation of the necessary CC documentation by experts at achelos
  • Extensive expertise and many years of practical experience in development, testing and CC evaluation
  • Expertise in security-critical segments with legal stipulations, including eHealth, eEnergy, eID
  • Tried-and-tested cooperation with various evaluators, testing centers and certification bodies, such as the German Federal Office for Information Security (BSI)
  • Qumate by achelos: test platform developed by achelos for CC support
  • Development of test suites for ATE and AVA on the basis of Qumate by achelos (e.g. TLS, IKE/IPsec)

Holger Volke

Technical Director

Phone:
+49 5251 14212-302