Common Criteria services

SEARCH-LAB offers complementary services to Common Criteria (ISO 15408) evaluations according to the Common Evaluation Methodology (ISO 18405) and related CCIMB guidelines. We have experiences with both the 2.3 and 3.1 versions of the standards.

SEARCH-LAB can help in preparing Protection Profiles (class APE) and Security Targets (class ASE), as well as in preparing Target of Evaluations (TOEs) for actual certifications. Additionally, SEARCH-LAB can carry out vulnerability assessment (class AVA) tasks for the developers in order to speed up the preparation process.

Protection Profiles (class APE)

SEARCH-LAB offers Protection Profile preparation according to Common Criteria. In particular SEARCH-LAB can carry out the following CC tasks for its customers:

• PP introduction (APE_INT)
• Security problem definition (APE_SPD)
• Security objectives (APE_OBJ)
• Security requirements (APE_REQ)

Security Targets (class ASE)

For a specific ToE, SEARCH-LAB can also create the whole or a part of the Security Target specification. For example we offer executing the following CC tasks:

• ST introduction (ASE_INT)
• Security problem definition (ASE_SPD)
• Security objectives (ASE_OBJ)
• Security requirements (ASE_REQ)
• TOE summary specification (ASE_TSS)

Vulnerability Assessment (class AVA)

One of the most important assurance classes is Vulnerability Assessment, which addresses the possibility of exploitable vulnerabilities introduced during the development or the operation of the TOE. In particular SEARCH-LAB offers to perform the following tasks within this evaluation step:

• Common Criteria v2.3
  • Covert channel analysis (AVA_CCA)
  • Misuse (AVA_MSU)
  • Strength of TOE security functions (AVA_SOF)
  • Vulnerability analysis (AVA_VLA)
• Common Criteria v3.1
  • Vulnarability analysis (AVA_VAN)