Choose the right Common Criteria (CC) evaluation – EAL or PP - to get access to new markets and provide trusted assurances on your product’s security features. Our global network of accredited CC-laboratories provide a faster and hassle-free route to Common Criteria Certification, including NIAP-listing and SOG-IS Technical Domains.


What is Common Criteria (ISO/IEC 15408)?

Common Criteria (ISO/IEC 15408) is an international standard for evaluating and certifying the security of IT products and systems. It ensures that security features and capabilities are rigorously tested and verified, providing a trusted basis for assessing product security.

Common Criteria Evaluation Assurance Levels (EAL)

Common Criteria defines seven Evaluation Assurance Levels (EALs), ranging from EAL1 (basic assurance) to EAL7 (highest assurance). Each level involves progressively more thorough testing and evaluation, ensuring that products meet specific security requirements appropriate to their use cases.

What is the Common Criteria (CC) Certification Process?

The Common Criteria certification process ensures that IT products meet stringent security standards through a structured evaluation and testing approach.

  • Security Target (ST) Development: Define the security requirements and specifications of the product.
  • Evaluation by Accredited Lab: Conduct a thorough assessment against the ST and the selected Evaluation Assurance Level (EAL).
  • Testing and Review: Perform testing, review the product's design and development processes, and examine security features.
  • Certification Issuance: Receive certification from a certification body, confirming the product meets the specified security standards and assurance levels.

Why get Common Criteria Certification (ISO/IEC 15408) with Applus+ Laboratories?

Our labs are accredited by the Spanish, Canadian, and US Certification Bodies. Our CC certificates open market access to Europe and North America, and have worldwide recognition.

PP-based Evaluations

Evaluate your product following industry-recognized Protection Profiles. Give your customers an easy way to understand, compare, and trust your product's security features.

EAL-based Evaluations

Tailor your Common Criteria evaluation to your market needs, with EAL-based evaluations. We have extensive experience evaluating products with high assurance, up to EAL6+

Automating to speed up certification

Our labs have developed innovative frameworks (CCToolBox and Greenlight) to speed up the certification process thanks to key automation milestones, such as CC testing and specific CC documentation generation, evaluation, and validation.

NIAP listing

Get your product listed in the NIAP-compliant list, required for any product intended to be used in the US National Security Systems.

SOGI-IS Technical Domains

Obtain an extra layer of confidence and market recognition in your CC certificate, with SOG-IS recognition, the European MRA for high assurance evaluations on Smart Cards and Security Boxes Technical Domains.

Collaborating to define tomorrow's cybersecurity schemes

We collaborate with organisations such as ENISA or the SCCG to define future cybersecurity schemes, such as EUCC and 5G.

Common Criteria Certification (ISO/IEC 15408) Benefits

Worldwide and cross-industry recognition

A Common Criteria methodology certificate is the most globally accepted security credential. CC provides well-defined assurances on your product's security claims, boosting confidence in your end-clients, and setting your product apart from similar, non-certified competitors.

A market entry requirement

Being listed in the NIAP or the CC website could be a pre-requisite if you wish to participate in tenders from public agencies and large customers (Banks, Telecom Operators, etc.).

Applus+ Laboratories trusted and experienced network of labs with a global footprint

We are proud to be an accredited CC lab for more than 15 years. Our trajectory and expertise have led us to certify dozens of products, many with high assurance evaluations. Our labs in Barcelona and Madrid are accredited by the Spanish Certification Body (CCN), and qualified for the European MRA (SOG-IS).

Since 2022, two young and fast-growing laboratories have joined our ranks. Lightship Security is a Canadian company accredited for the Common Criteria Canadian (CCCS) and US (NIAP) schemes. jtsec is a Spanish CC-accredited lab, highly involved in the development of new security schemes at a European and international level. We also have technical offices in Shanghai and Seoul to provide local support for our customers in the area.