IT Evaluation & Assessment
Common Criteria Evaluation
Consult our experts. We are happy to support you.
The Common Criteria (CC), also known as ISO 15408, is an internationally recognized standard used to specify and assess the security of IT products. It is used by governments and other organizations to confirm the security functionality of information technology products. The CC standard defines a set of criteria by which a product’s security aspects – for example, the development environment, security functionality, and handling of security vulnerabilities – can be meaningfully evaluated.
What atsec offers:
atsec operates under Common Criteria evaluation schemes in Germany, the USA, Sweden, Italy, Singapore, and in Qatar. The certificates from these countries are recognized in more than 30 countries.
atsec also operates under the European Cybersecurity Certification Scheme (EUCC) and provides evaluations at the assurance level Substantial and High (authorization is ongoing):
- EUCC evaluations at assurance level Substantial cover vulnerability analysis AVA_VAN level 1 or 2
- EUCC evaluations at assurance level High cover vulnerability analysis AVA_VAN level 3, 4 or 5
The EUCC scheme’s certificates are applicable across the EU and valid in all member states. If you’re interested in an EUCC certification, get in touch and we will guide you through the certification process and provide you the certification application forms.
Certification authorities:
More information:
Why our services are important to you:
atsec is one of the most experienced evaluation labs in the world, with more than 20 years of experience in the field of security evaluations. Members of atsec have been heavily involved in the development of the German and European information security criteria that were the basis for the Common Criteria, and atsec is involved in the further development of the Common Criteria to this day.
With hundreds of CC evaluations of various information security products completed – including large, complex software systems like operating systems, databases, firewalls, mobile devices, and printing systems of renowned manufacturers – atsec provides both trusted and thorough testing services.
Downloads:
Further information for your journey to certification.
Common Criteria evaluations performed by atsec:
| Date | Product name | EAL/PP | Scheme | Information |
|---|---|---|---|---|
| 2026-02-23 | F5 BIG-IP 17.5.0 including AFM | PP |  CSEC |    |
| 2026-02-20 | Apple macOS 15 Sequoia | PP |  NIAP | |
| 2026-02-19 | JBoss Enterprise Application Platform 8 Version 8.1.0.1 | EAL2+ |  OCSI | |
| 2026-02-17 | Tutus Färist IEG v4.5.0 | EAL4+ | CSEC | |
| 2026-02-11 | Vectra Platform | EAL2+ | CSEC | |
| 2026-02-10 | F5 BIG-IP 17.5.0 including APM | PP | CSEC | |
| 2026-02-09 | HP LaserJet Enterprise 8501 printers with HP FutureSmart 5.9.2.1 Firmware | PP | OCSI | |
| 2026-02-09 | IBM z/VM Version 7.4 with RSU1 and CP service level 0002 for VPP | PP | OCSI | |
| 2026-02-09 | IBM RACF for z/OS 2.5 | EAL5+ | OCSI | |
| 2026-02-02 | IBM PowerVM 1060 with VIOS 4.1.1 for Server for POWER10 and HMC for POWER | PP | OCSI | |
Introduction to the
Common Criteria
Watch our Introduction to the Common Criteria video, which will provide you with a head start on understanding the history of the Common Criteria, the evaluation requirements, and atsec’s experience.
Still have questions?
Can’t find what you’re looking for? Let’s talk!
FIPS 140-3 Testing
FIPS 140-3 specifies requirements related to securely designing and implementing cryptographic modules, and compliance is increasingly mandatory worldwide.
Open Trusted Technology Provider Standard Services
The Open Trusted Technology Provider Standard (O-TTPS) is a collaborative initiative that seeks to prevent tainting and counterfeiting in the global supply chain for COTS information and communication technology.
Medical Devices IEEE 2621
The IEEE Medical Device Cybersecurity Certification Program has been developed by the IEEE 2621 Conformity Assessment Committee (CAC) to provide certification for wireless diabetes devices.
The Information Security Provider
Read Our Latest Blog Articles
Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.
-
atsec’s Experience at the Post-Quantum Cryptography Workshop at the KTH Royal Institute of Technology
The PQC Workshop at the KTH Royal Institute of Technology was a trove of valuable insights.
-
Happy Valentine’s Day
We wish a Happy Valentine’s Day to all our colleagues, customers, suppliers and all their families and loved ones.
