Common Criteria (ISO 15408) is the ONLY global, mutually recognized product assurance standard. It is mutually recognized in 26 countries and a mandated certification to sell into government and regulated verticals such as telecom. With the signing of the new CNSSP#11, CC certification has become even more critical to sell into US Federal agencies. CC is mandated in S. Korea for wireless and security products sold into the government and financial sector. The government of India has started requiring CC for selling into service providers and telcos. With cyber security gaining signifcant mindshare, CC certification provides an unique opportunity to get a stamp of approval for your product against the most respected and ubiquitous product assurance standard.
Common Criteria Evaluation
We have extensive experience evaluating products against CC requirements in multiple global schemes we have helped certify a number of products against the new NIAP approved Protection Profiles as well as the older EAL approach. The new paradigm of PP based evaluation introduces rigid requirements that have to be met. Our certification methodology is designed to ensure that non-compliances are caught at the beginning of the process giving plenty of time to your developers and testers to fix and test the non-compliance. Given our dual locations we can provide the flexibility of doing PP as well as EAL based evaluation with just an incremental cost as opposed to twice the cost. We realize that CC is one of the many items you are dealing with in getting your product out the door. We will ensure that you have to do only the minimum work required to make the certification a success. Nothing more, nothing less.
Common Criteria Consulting
In addition to full-fledged CC evaluation services, we also help our customers meet their certification goals using the vast experience our team has acquired over the years. We provide as much or as little support in your journey to getting your product CC certified as you need. We can do a thorough gap analysis of the product against any approved (or draft) Protection Profile, recommend the best approach to certification, draft documentation, interact with your chosen CC laboratory, act as your advocate to NIAP, and also help your sales/marketing develop collateral highlighting CC certification of your product.
Common Criteria Gap Analysis
If you are trying to determine whether Common Criteria certification is the right choice to tap into the global government market, a Common Criteria gap analysis is a good first step. Our team of experts will work with your team of experts to do a thorough analysis of your product, identify and explain any potential certification deficiencies, propose solutions, and help chart out a path to Common Criteria success. In our experience, gap analysis is extremely valuable to set expectations, define roadmaps, and identify level of effort required. Should you decide to pursue Common Criteria and FIPS evaluation at the same time, we provide a combined approach to gap analysis so that your engineers do not get duplicative information or worse conflicting information.