Benefit from our comprehensive Common Criteria expertise

achelos makes your CC project a success

The ‘Common Criteria for Information Technology Security Evaluation’ certification scheme serves as a globally standardised measure to ensure robust security in information technology. In practice, trustworthiness requirements are consolidated into the Evaluation Assurance Level (EAL), which undergoes evaluation based on a seven-stage security model (EAL 1 = functionally tested to EAL 7 = formally verified design and tested). Defined evaluation methods and detailed documentation are used to test and assess the security of IT systems, products and applications.

The specialists at achelos offer specific expertise to support customers from diverse sectors actively through each evaluation phase. As a result, you can reliably and efficiently master the CC evaluation and obtain a CC certificate for your product.

Our support covers the full spectrum of the Common Criteria process for manufacturers and stakeholders of products, systems and applications: from the initiation of the application to development, production and security-related testing. achelos remains neutral towards manufacturers and maintains close collaboration with certification and accredited testing organisations in the evaluation field.

Consultancy and survey

  • Analysis and assessment of product and security requirements (security target: ASE, cryptographic mechanisms)
  • Advice on the certification application process 
    • Selection of the evaluation body
    • Negotiation with the evaluation body
    • Creation of a schedule
  • Delivery of a qualified basis for decision-making 
    • Feasibility studies
    • Cost calculations
    • Security specifications
    • Performance limitations
    • Offers
  • Selection and commissioning of an evaluation body 
  • Completion of the application form
  • Preparation of accompanying documentation
  • Security concepts for development and production sites
  • Hardware security concept

 Assistance/guidance during site visits (audits)

  • Professional preparation through internal training sessions and simulated audits
  • achelos monitors the audit of the certification body to ensure efficient certification
  • Follow-up of the audit

Product development at CC level (EAL 1 – EAL 7)

  • Support or complete takeover of the development process including architecture, design and implementation in CC-compliant rooms

CC Assurance Levels

Test management

  • Consultancy and support for CC-compliant tests
  • Preparation of the test specification
  • Implementation and realisation of the tests
  • Automated test runs
  • Logging and error analysis

Preparation of CC documentation according to EAL level

  • Security Target (ASE)
  • Development (ADV)
  • Test (ATE)
  • Vulnerability analysis (AVA)
  • Guidance documentation (AGD)
  • Processes, tools and site security (ALC)

 Project management and technical coordination between product manufacturer, production, testing centre and certification body

  • For complete or partial processes
  • On a technical level

  Training sessions and workshops

  • General CC training (introduction to Common Criteria)
  • Introduction to the creation of CC documentation
  • Practical experience and tips for efficient evaluation
  • SSC aspects for software development and testing

CC evaluation: Development, testing and documentation

  • Electronic health card (eGK)
  • Digital tachograph
  • Electronic ID cards
  • eHealth card terminal
  • HSM (Hardware Security Module) 

CC consulting, documentation and evaluation

  • CC evaluation of Smart Meter Gateways, signature application components, network and application connectors
  • CC documentation for a customised production site
  • Consulting and analysis for setting up and implementing a Public Key Infrastructure (PKI) in the field of smart metering

 Delivery of test environments and simulators for the product groups

  • Electronic health card (eGK)
  • eHealth card terminal
  • Electronic ID cards 

Delivery of test suites for the product groups

  • Electronic health card (eGK)
  • eHealth card terminal (mobile and standard)
  • eHealth connector
  • eHealth primary system
  • TLS and IKE/IPsec (security test suite)
  • Conformity tests for eID cards
  • Java Card Security (JC Inspector)

For every project phase

  • CC-trained team of experts 
  • Professional CC consulting, project support and preparation of the necessary CC documentation 
  • Extensive expertise and many years of practical experience in development, testing and CC evaluation
  • Expertise in security-critical segments with legal requirements, including eHealth, eEnergy, eID
  • Proven cooperation with various evaluators, testing centres and certification bodies, e.g. Federal Office for Information Security (BSI)
  • achelos test platform for CC support
  • Development of test suites for ATE and AVA by achelos (e.g. TLS Inspector, IKE/IPsec Inspector)

Do you have any questions? Your contact in this area is:

Dr. Karsten Klohs

Director Business Development

karsten.klohs@achelos.de +49 5251 14212-384

Downloads and Information