Common Criteria

Threats to organizational assets come in many shapes and forms, and protection against those threats can be a difficult task. Information typically safeguarded by IT infrastructures may be at risk from both internal and external attack vectors, and those wishing to secure against such attacks have an ever-growing array of IT security products to choose from. In order to rely on the security functionality claims of IT vendors, Government, Critical Infrastructure and other organizations with mission critical systems are turning towards independent verification of IT security products through Common Criteria certification.

The Common Criteria (CC) - ISO standard ISO15408- is used by governments and other organizations to assess whether the security and assurance of information technology products is adequate for their intended environment. The CC standard provides a uniform method of expressing security requirements and defines a set of rigorous criteria by which a product’s security aspects (for example, development environment, security functionality, and handling of security vulnerabilities) can be meaningfully evaluated.

Under the Common Criteria Recognition Agreement (CCRA), evaluations performed by any participating evaluation scheme are recognized by other CCRA countries, opening up worldwide markets for only a single evaluation.

At BDO, we understand that developers producing IT products may not have the time or relevant expertise required to start and/or complete an evaluation. We recognize that the process of CC certification can be complex, expensive and labour intensive, and can offer much needed guidance, expertise and assistance; we can provide you with a faster, more-efficient, cost-effective evaluation.

Our Risk Advisory Services group has unique and expert experience with Common Criteria and will work with you to assess the complexity and scope of the intended evaluation, aid in preparing material for evaluation and manage the initial and ongoing evaluation process.