CC Product Evaluation

EWA-Canada provides comprehensive services for the evaluation or re-evaluation of products under the requirements of the internationally recognized Common Criteria for IT Security Evaluation (CC; aka ISO 15408).

 

Pre-Evaluation Planning

Prior to beginning an evaluation, vendors should have an understanding of the CC requirements and the evaluation process itself.  Those vendors that are new to or unfamiliar with the process may wish to consider our CC Pre-Evaluation Consulting capability. 

 

CC Product Evaluation

EWA-Canada offers a full range of CC evaluation capabilities which can be tailored to your particular needs and can include:

  • Evaluation of products under the Canadian Common Evaluation and Certification Criteria Scheme (CCS; see important note below) for Evaluation Assurance Levels (EALs) 1 through 4 (EALs are described in section 7.2 of  Part 3 of the CC standard) including some augmentations; and
  • FIPS 140-2 and approved algorithm validations to verify any claimed cryptographic functionality (as outlined in the CCEVS guidance ‘Specifying Cryptographic Requirements in Security Targets’).  Select FIPS 140-2 Services for details on EWA-Canada’s FIPS 140-2 services.

Vendors should note that the criteria for acceptance of submissions into the CCS are much less restrictive than that of the U.S. Common Criteria Evaluation and Validation Scheme (CCEVS), which will generally only accept CC submissions for products that are, at a minimum, compliant with Medium and High Robustness Protection Profiles (PPs). In addition, the CCS has no plans to introduce evaluation fees as recently announced by the CCEVS. CC evaluations performed under the CCS up to Evaluation Assurance Level (EAL) 4+ are fully recognized in the U.S. and all other countries who participate in the Arrangement on the Recognition of Common Criteria Certificates (CCRA) .

Please Contact Us for further information.