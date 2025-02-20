atsec is thrilled to announce it is the first accredited conformity assessment body (CAB) for the new EU Common Criteria (EUCC) certification scheme. With this accreditation, atsec can provide evaluations for the Substantial assurance level immediately, the High assurance level once authorization is received shortly, as well as post-certification compliance support.

This harmonized approach to security certification is a major milestone, as the EUCC represents an evolution in cybersecurity regulations in the EU and a crucial requirement for ICT product manufacturers.

atsec is a Conformity Assessment Body that provides both Information Technology Security Evaluation Facility (ITSEF) and Certification Body (CB) services, resulting in a seamless end-to-end EUCC certification process for manufacturers.

atsec provides:

Security evaluations and certification services at the assurance level Substantial and High.

Post-certification compliance support to help manufacturers maintain their certification status.

By offering both evaluation and certification, we eliminate unnecessary complexity and streamline the certification journey for manufacturers.

As you consider EUCC certification, here’s an overview of the four-step process to receive one:

1. Determine the Required Assurance Level

Substantial – cover vulnerability analysis at AVA_VAN level 1 or 2.

High – cover vulnerability analysis AVA_VAN level 3, 4 or 5.

2. Prepare Security Documentation

Each assurance level has requirements for security documentation, including providing guidance documentation, development & lifecycle evidence, test documentation. The manufacturers will need to provide the Security Target (ST) which can claim compliance to a Protection Profile (PP).

3. Conduct Independent Evaluation

The EUCC-approved ITSEF performs evaluation of your product against security assurance requirements defined in the ST. This includes:

Vulnerability Analysis & Penetration Testing

Functional Testing

Evaluating design and guidance documentation

4. Certification

Once the evaluation is completed, the EUCC-approved CB issues an EUCC certificate, allowing your product to be recognized across the EU market.

EUCC certification is an ongoing commitment. Certified manufacturers must:

Provide security guidance for end users

Commit to providing security updates

Establish a vulnerability disclosure process

Monitor and address publicly disclosed vulnerabilities

Failure to meet these requirements could impact the validity of the EUCC certificate.

For manufacturers looking to navigate EUCC certification smoothly, atsec provides expert guidance every step of the way. Contact us at info@atsec.com to learn more.

Links:

atsec’s blog article about the CAB accreditation:

https://www.atsec.com/atsec-becomes-the-first-accredited-eucc-conformity-assessment-body/

Summary of atsec’s accreditations and authorizations:

https://atsec.com/company/atsecs-own-certificates/

atsec’s CC Evaluation Services:

https://atsec.com/services/it-evaluation-assessment/common-criteria-evaluation/

atsec’s CC Certification Services:

https://atsec.com/services/certification/common-criteria/

EUCC Certification Scheme:

https://certification.enisa.europa.eu/certification-library/eucc-certification-scheme_en

View source version on businesswire.com: https://www.businesswire.com/news/home/20250220262956/en/