ISO 15408 Common Criteria for Information Technology Security Evaluation, also known as the Common Criteria (CC), is a global product evaluation standard recognized in more than 26 countries.
As mandated by the Committee on National Security Systems (CNSS) Policy No. 11, IT products used to protect information on national security systems must comply with the requirements of the National Information Assurance Program (NIAP). To ensure vendors meet this mandate, NIAP operates the Common Criteria Evaluation & Validation Scheme (CCEVS) to facilitate the evaluation of IT products against the Common Criteria standard.
Our Resident CC Guru
38North’s founder, Matt Earley, is a former manager of the Australian and New Zealand Common Criteria scheme, and has participated in CC standard development through various technical boards. He has also supported countless Common Criteria evaluations since the year 2000. (Yes, he enjoys it that much!)
Vendors having completed Common Criteria evaluation are eligible to sell their evaluated products to federal agencies operating national security systems, including the U.S. Department of Defense. Other countries have similar requirements, opening up the global market to committed vendors. The Common Criteria can also serve as a competitive differentiator when marketing to non-government clients, such as financial services and healthcare.
Common Criteria consulting is our forte. Since 2000, our consultants have supported the development and implementation of Common Criteria standards, internationally and domestically. 38North develops the necessary documentation, identifies and remediates issues and guides you through the evaluation process with the Common Criteria Testing Laboratory (CCTL). Our Common Criteria consultants have considerable experience providing advisory, documentation and testing support for a number of vendors across the globe.
Our Common Criteria services include:
- Common Criteria Gap Analysis: This is recommended for vendors that are new to the Common Criteria. 38North’s Common Criteria gap analysis educates you on the process while analyzing your product suite to see how it stacks up against the requirements of the Common Criteria and any relevant protection profiles. We also determine the cost to achieve Common Criteria validation/certification and identify risks and challenges.
- Common Criteria Evaluation Support: This level of support is best for companies that have committed to having one or more products certified to the Common Criteria. Our experienced Common Criteria consultants eliminate the stress of developing the evaluation evidence and dealing with the CCTL. We are well versed with all the quirks of the evaluation process and will quickly resolve findings so you can get your certification/validation as fast as possible. We develop all necessary Common Criteria documentation to address any EAL or protection profile while facilitating the entire Common Criteria evaluation process.