We can help you pass a Common Criteria evaluation: we know the tips and tricks and can help you save a lot of money. Obtain a Common Criteria Certification assisted by our experts.
Common Criteria service overview for Developers - jtsec a CC consultancy company
3. jtsec Beyond IT Security SL is a cybersecurity company focused on Common
Criteria Consultancy.
Facilities in Granada and Madrid (Spain)
We are experts in Common Criteria. We have worked in several CC Labs as
evaluators, consultants or lab managers. We have given talks at several ICCC
(Common Criteria Conferences).
We have developed the most innovative tool to generate Common Criteria
compliant documentation
CCGen (https://www.jtsec.es/ccgen-product-profile.pdf)
Key customers: Applus+, Panda Security, Imperva, BQ, MCS Microsystems,
CyberSecurity Malaysia
4. TECHNICAL EXCELLENCE
We have come to raise the baton of technical excellence.
Only through a high-quality process can we
verify the security of your products and systems. We are
100% committed to a lifelong learning process.
COMMITMENT TO OUR CUSTOMERS
We are determined to solve your problems, not to create
new problems. Your project will be successful - there is no
other option. We take the standard of excellence in dealing
with clients to a new level.
TIME TO MARKET
By doing our job on time, we can give a competitive
advantage to our customers. If time is a constraint you can
count on us. We put all our resources at your disposal to be
not only the best but also the first.
5. Common Criteria Training: customized training regarding the Common Criteria
standard depending on your needs (applicable EAL, technology, etc…). This
training will reduce your certification duration and cost and will increase the
knowledge of your team.
Common Criteria Consultancy: customized consultancy service. We offer:
Full Package service: this service includes creating the required CC
documentation, handling the relationship with the lab and negotiating the
lab fee. This service requires minimum involvement from the developer.
Ad-hoc Package service: jtsec will adapt to the customer's needs. For example:
ST Writing, CC Gap Analysis, Package of hours for CC Documentation
Development, etc…
7. Common Criteria:
International Standard (Methodology) to evaluate the security of IT products (ISO
15408)
Up to 7 levels. Higher levels imply higher effort/cost
The methodology consists of:
Product Security Evaluation (Testing and Vulnerability Analysis)
Design and Guidance Documentation Evaluation
Development Process Evaluation (Life Cycle Evaluation including site
audits)
8. Common Criteria
International agreement for mutual recognition of CC evaluations performed by
country members – A certificate obtained in Spain is valid in 28 countries.
Worldwide recognized certificate – valid all around the world
9. What can you use Common Criteria certificate for?
Government regulations (e.g. European Tachograph Law, Digital Signature)
The Spanish Government will use it for the approval of ICT security products for
handling classified national information and for the inclusion of ICT security
products in the Spanish Catalog of ICT Security Products (CPSTIC). More
information in the CCN-STIC 102 and 106 guides.
CC certificates are likely required to enter the DoD’s Information Network
Approved Products List (DoDIN APL) – US Government
Smart Tachograph European regulation
(https://dtc.jrc.ec.europa.eu/dtc_smart_tachograph.php)
Digital Signature Creation Devices
Market Recognition/Requirements (Quality of your product/company) or
Distinction/Differentiation between competitors
10. jtsec will support the developer during the whole process
(Diagram: Certification Body, Laboratory, Developer)
11. Paperwork:
ASE: Security Target Evaluation
ADV: Design Documentation Evaluation – Interfaces (Functional Specification),
High Level and Low Level Design, Architecture and Implementation (Source
Code)
Paperwork + Testing:
AGD: Guidance Documentation (Installation and Operational) Evaluation + TOE
Installation
ALC: ALC Documentation Evaluation (Configuration Management, Tools and
Techniques, Delivery, Life Cycle, Flaw Remediation and Development Site
Security Measures) + Site Audit
ATE: Testing Documentation Evaluation + Independent Testing
Testing:
AVA: Vulnerability Analysis and Penetration testing
Note: The applicable activities depend on the EAL (Evaluation Assurance Level)