What is Common Criteria EAL2?
EAL2: Structurally Tested. Applies when developers or users require low to moderate independently assured security but the complete development record is not readily available. This situation may arise when there is limited developer access or when there is an effort to secure legacy systems.
How do you get Common Criteria certification?
To achieve the Common Criteria certification, we submitted evaluation reports of our products, which were investigated and then accepted by the CSEC (the certification body in Sweden that issues the Common Criteria certificate in that country). You can find the certificate online, here.
What is the Common Criteria certification is an international standard ISO IEC 15408 for IT security evaluation?
The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard (ISO / IEC 15408) for IT product security certification. It is a framework that provides criteria for independent, scalable and globally recognized security inspections for IT products.
What is PP compliant?
A Protection Profile (PP) is a document used as part of the certification process according to ISO/IEC 15408 and the Common Criteria (CC).
How long is Common Criteria certification?
about one year
HOW LONG DOES COMMON CRITERIA CERTIFICATION TAKE? The general rule of thumb is that the CC certification process takes about one year to complete. This can be longer or shorter depending on the conformance claims and product readiness.
How much does Common Criteria cost?
between USD $100 – $200k.
1. How much does Common Criteria certification cost? A CC evaluation, including lab and consulting fees, will generally cost somewhere between USD $100 – $200k. There are multiple factors to consider that impact this amount.
What is the purpose of ISO 15408?
ISO/IEC 15408 is useful as a guide for the development, evaluation and/or procurement of IT products with security functionality. ISO/IEC 15408 is intentionally flexible, enabling a range of evaluation methods to be applied to a range of security properties of a range of IT products.
Does the EAL provide any indication on the security of the product?
A higher EAL does not indicate a higher level of security than a lower EAL because they may have different functional features in the Security Targets.
What is NIAP certified?
NIAP certification is a commercial cybersecurity product certification that is mandated by federal procurement requirements (CNSSP 11) for use in U.S. National Security Systems (NSS). Its primary purpose is to certify commercial technology or products which will be used to handle sensitive data.