Common Criteria Evaluation

What is Common Criteria

“The Common Criteria is useful as a guide for the development of products or systems with IT security functions and for the procurement of commercial products and systems with such functions. During evaluation, such an IT product or system is known as a Target of Evaluation (TOE). Such TOEs include, for example, operating systems, computer networks, distributed systems, and applications.

The CC is applicable to IT security measures implemented in hardware, firmware or software. Where particular aspects of evaluation are intended only to apply to certain methods of implementation, this will be indicated within the relevant criteria statements.”

CC, Part 1, Introduction

Common Criteria is an internationally recognized standard for the security evaluation of your product. International mutual recognition agreements guarantee that evaluation results provided by SERMA TECHNOLOGIES ITSEF are recognized worldwide by other industrial and governmental actors.

Accreditation

SERMA TECHNOLOGIES ITSEF has been licensed by the French Certification Body (ANSSI) since 2000 to run Common Criteria security evaluations up to the EAL5 level (and up to the EAL7 level for some components) with a “High” attack potential (VLA.4 or VAN.5). To meet all quality and security requirements, it is also accredited by COFRAC under the program specific to security evaluation laboratories. Moreover, the ITSEF of SERMA TECHNOLOGIES has been approved by ANSSI to lead CSPN (“Certification Sécuritaire de Premier Niveau”, or “First Level Security Certification” in English) evaluations.


Our offer

We offer Common Criteria evaluations in the following domains:

Hardware components:

- CPUs and microcontrollers,

- USB tokens,

- hardware security modules,

- ...

Embedded software: native (C and assembler) and Java Card based applications:

- banking and e-purse,

- identity,

- transport,

- mobile communication,

- pay-TV,

- “empty” OS and Java Card / GlobalPlatform platforms,

- ...

We offer the full Common Criteria evaluation, including documentary evaluation, independent functional testing, customer site audit, and penetration testing through a theoretical vulnerability analysis followed by software, cryptographic and/or hardware attacks. None of our activities is subcontracted to any external party.

All evaluation tasks conclude with a detailed report and remarks that help the developer improve the security of its product.


Guarantees (French scheme)

As an official ITSEF accredited by ANSSI (the official French Certification Body), our ITSEF guarantees to its customers the confidentiality of the evaluations and their contents. The whole evaluation process is followed, controlled and validated by ANSSI. At the end of the evaluation process, ANSSI delivers an evaluation certificate for the product.