Common Criteria Certification
The Certification Body of NASK-PIB, as the first and only one in Poland (and this part of Europe), has the right to issue cybersecurity certificates for IT products based on the Common Criteria standard.
Common Criteria (CC) is an international standard (available as PN-EN ISO/IEC 15408 standard) used to assess the security properties of IT products and systems.
Common Criteria certificates confirm that the products for which they are issued meet the requirements of the most important international cybersecurity standard.
Certificates issued by NASK-PIB are recognized in most European countries under the SOG-IS MRA agreement, which includes: Belgium, Croatia, Denmark, Estonia, Finland, France, Germany, Italy, the Netherlands, Luxembourg, Norway, Slovakia, Spain, Sweden, United Kingdom, as well as in other countries of the world under the CCRA agreement.
ATTENTION:
- Starting 1st July 2024, all new certification applications have to indicate Common Criteria version 2022 rev. 1.
- Certification applications for ICT products whose Security Target is conformant with a Protection Profile specific to Common Criteria ver. 3.1 rev. 5 will be accepted until 31st December 2027.
- Starting 1st July 2024, re-evaluations and re-assessments based on Common Criteria v3.1 rev. 5 evaluations can be started for up to 2 years from the initial certification date.
- Any additional information can be found in the CCRA Transition Policy to CC:2022 and CEM:2022: https://commoncriteriaportal.org/files/ccfiles/CC2022CEM2022TransitionPolicy.pdf
EVALUATION CRITERIA AND METHODOLOGIES
01 Customer Agreement with the Laboratory licensed by NASK-PIB
02 Submitting an application for certification to NASK-PIB
03 Quotation of the Certification Body’s services and signing of the contract
04 Cybersecurity evaluation carried out by the Laboratory under the supervision of the Certification Body (documentation analysis, research, tests)
05 Compliance assessment based on the verified Evaluation Technical Report and collected documentation
06 Certification decision and issuance of the Common Criteria Certificate
EVALUATION CRITERIA AND METHODOLOGIES
CC (Common Criteria for Information Technology Security Evaluation); CC:2022 Release 1
PN-EN ISO/IEC 15408:2024-05 Information technology – Security techniques – Evaluation criteria for IT security
PN-EN ISO/IEC 19790:2020-09 Information technology – Security techniques – Security requirements for cryptographic modules
CEM (Methodology for Information Technology Security Evaluation); CC:2022
PN-EN ISO/IEC 18045:2024-04 Information technology – Security techniques – Methodology for IT security evaluation
ISO/IEC 24759:2017 Test requirements for cryptographic modules
Detailed certification guidelines, as well as information on the certification process itself.
Detailed information on fees for certification services.