achelos press pool
achelos development site successfully certified to Common Criteria
Paderborn, December 2, 2021 – The German Federal Office for Information Security (BSI) has successfully certified the development site of achelos GmbH in Paderborn to Common Criteria (CC), a catalogue of criteria for IT security that applies worldwide. The team of experts at achelos is anticipating a further increase in demand for development support at the highest CC evaluation levels.
In future, the Secure Element (SE) will also be fitted in a large number of products and in a wide range of design forms for identities, including some new ones. These products include smartphones, cars and machines. This will create new fields of application in healthcare, industry and the mobility sector. Many providers and manufacturers simply lack the necessary experience when it comes to managing comprehensive security evaluations. Having been awarded CC site certification, achelos is now keen to offer its customers even greater flexibility. This includes simplifying integration of collaborative input from the development process or complete partial developments into the customer's CC evaluation. As a manufacturer-independent software development and consulting firm, achelos now enjoys a USP with its CC site certification and has the requisite flexibility to handle future digitisation projects in a wide range of market segments.
"achelos has already been certified to ISO 9001 and ISO 27001 for two years. For us, the recent certification of the achelos development site to Common Criteria was a logical further development of our certification portfolio. As a manufacturer-independent software development and consulting firm, we can now offer our customers flexible software development at the highest IT security level and early in the project from our Paderborn site. This makes us particularly attractive to a large number of small and medium-sized enterprises from the manufacturing sector that do not have sufficient development capacities but are looking to certify products to Common Criteria," explains Kathrin Asmuth, Managing Partner at achelos. "With the CC site certification, we have already made the certification process easier for our customers by removing a potential obstacle. This leads to significant time and cost savings when launching new products to market," Asmuth adds.
High degree of expertise in Common Criteria projects
achelos already has a great deal of experience in the Common Criteria environment. Indeed, the team of experts has been accompanying and supporting customers in performing CC security evaluations and CC certifications for many years. With its CC site certification, the IT security firm is now extending its portfolio in the development environment even further. "The speed with which the certification process was executed by the BSI is worthy of particular praise. Indeed, it only took six months from the first project meeting to certification being awarded. The CC security certificate for the achelos development site covers security requirements up to a testing depth of EAL5 with the extensions ALC_DVS.2 and AVA_VAN.5 for the greatest resistance to attacks. Necessary extensions to EAL7 can also be easily added for individual projects as and when required. We can therefore execute product developments at the highest security level for customers from a wide range of sectors," comments Dr. Karsten Klohs, Director Business Development Security Engineering, who managed the project for achelos.
"Common Criteria" – worldwide catalogue of criteria for IT security
The "Common Criteria for Information Technology Security Evaluation" guarantee a uniform international standard for the security of information technology. In practice, the requirements in terms of trustworthiness are summarised in the so-called Evaluation Assurance Level (EAL) and, depending on circumstances, evaluated in a 7-stage security model (whereby EAL 1 = functionally tested, all the way up to EAL 7 = formally verified development and tested). The documented results are used to verify and assess the security of IT systems, products and applications.
CC site certification | Link to listing at the BSI: https://www.bsi.bund.de/EN/Topics/Certification/SiteCertification/SiteCertification_node.html