- Services
- Industries
- Automotive
- Battery
- Building inspection
- Fire alarms system testing
- Household appliances
- Installation materials
- Industrial machinery
- IT & audio video
- Laboratory, test & measurement
- Lighting equipment
- Maritime, oil & gas
- Medical & healthcare equipment
- Military & aerospace product testing
- Wireless & telecom
- Resources
- About
- Blog
- Events
Cyber security common criteria evaluation and certification
ISO/IEC 15408-1:2009 provides an internationally-accepted framework for evaluating the security of information technology equipment (ITE). Also known as the "Common Criteria," this standard details widely accepted criteria for the design, development, and evaluation of IT equipment for cyber security consideration.
Compliance with the Common Criteria detailed in ISO/IEC 15408-1 consists of two quality assurance aspects:
- Assessment of Security Assurance Requirements (SARs) — This is a review of the processes undertaken during the development and evaluation of a given IT product to assess compliance with the prescribed security functionality, which may vary depending on their intended use and anticipated risk environment.
- Evaluation Assurance Level (EAL) — This assesses the difficulty of the evaluation process itself, and can range from the most basic level of cyber security (EAL 1) through the most rigorous process to verify the claimed level of security (EAL 7).
*It is important to note that an EAL is only an assessment of the rigour of the evaluation process itself: ITE with a higher EAL does not necessarily indicate a more secure device.
How Nemko Can Help
Nemko can provide comprehensive guidance according to the Common Criteria requirements detailed in ISO/IEC 15408-1.
- Protection Profile Assessment— Procurement organizations may require third-party vendors to offer evidence that their product has been designed to conform to the requirements of one or more protection profiles (PP). Nemko experts can work with you to assess your equipment's compliance with relevant PPs and provide attestation to support your claims.
- EAL/Security Target (ST) Assessment—The PP assessment can serve as a basis for defining the required security properties, so Nemko experts can conduct an evaluation of your equipment consistent with both the required STs and the requisite EAL.
- Nemko can also conduct a preliminary functional gap assessment (FGA) ahead of more formal security analyses to help identify potential issues and can help to ensure that these devices meet essential Common Criteria requirements ahead of time.
Benefits of Working with Nemko
Partnering with Nemko can provide your organization in addressing the challenges that occur in today's cyber security landscape.
Recognized Cyber Security Expertise
Acquired by Nemko in 2020, Systemsikkerhet is Norway's first information security consultancy and is one of only four information security testing laboratories authorized to perform Common Criteria evaluations, by the National certification authorities for IT security (SERTIT)
Active Involvement in Standards Development and Implementation
Nemko’s team of experts have developed state-of-the-art cyber security standards and protocols, and are knowledgeable about all new, emerging requirements.
Single Source Solution
With its combined expertise in cyber security, product safety, Radio/Telecom and electromagnetic compatibility (EMC), Nemko is a robust source for manufacturers.
Global Support
Nemko helps to support your global market access efforts, offering more than 30 locations across six continents around the world.
Other posts you might be interested in
Protecting Your Organization from Ransomware: Key Strategies and Solutions
December 19, 2022
//
Cyber security
Initiative to EU regulation for cyber security of digital products
June 1, 2022
//
Cyber security
Insights from Successful Cyber Security Webinars in Korea and Norway
July 1, 2022
//
Cyber security