Advice on Common Criteria for a specific IT product in accordance with the requested evaluation assurance le

Description

The service builds on the knowledge gained from the service Getting Started with Common Criteria certification of your IT product - Training, so it is recommended that Clients use this service first, in order to get the most out of the consultation package offered hereby.

The service is more advanced. It is aimed at the development of a specific IT product by the entrepreneur.

The service is divided into two stages:

  • A consultation package on the development of a security task for the client's IT product
  • A consultation package for the development of evidence for the client's IT product (one to choose from, depending on the EAL1 to EAL4+ level of reasonable confidence chosen by the client for the product)

Service delivery phases

The service is divided into two stages and delivered incrementally as follows:

  • the consultant provides an outline of the evidence and requirements for filling it with content, helps to identify relevant content related to the IT product,
  • the client develops a given part of the evidence and submits it for verification,
  • consultant verifies the content and presents how to improve it,
  • client improves the content,
  • consultant provides guidance on how to address the observation reports received from the security assessment lab,
  • the consultant verifies client's corrections to the evidence resulting from the lab's reports of observations.

Value

  • reduction of costs of preparing an IT product for certification
  • minimising the risk of a negative assessment of the IT product being certified
  • knowledge regarding the design and manufacture of IT products with a view to their certification in Common Criteria