Evaluations according to the new European cybersecurity scheme
The test laboratory of SRC Security Research & Consulting GmbH was one of the first bodies to be notified by the National Cybersecurity Certification Authority (NCCA) to the EU Commission. This means that SRC is authorized to carry out evaluations in the new European Common Criteria scheme (EUCC) for all trustworthiness levels and technical domains.
SRC was one of the first testing laboratories to be notified for the new EUCC scheme. SRC Security Research & Consulting GmbH, based in Bonn, is a leading testing and consulting company for IT security and new technologies. "The notification is an important milestone for us," says Ralf Schulze, Division Manager at SRC. "It confirms the high quality of our work and ensures that we can also provide our customers with comprehensive support in the new European certification system."
From national to European cybersecurity scheme
SRC has been successfully carrying out evaluations of IT security products in the German Common Criteria scheme under the supervision of the German Federal Office for Information Security (BSI) since 2002. With the introduction of the EUCC scheme, the national Common Criteria schemes are gradually being replaced by a standardized European scheme. Manufacturers of IT security products that require Common Criteria certification can therefore continue to rely on SRC's many years of experience and expertise. "Our customers and partners will benefit from a smooth transition to the new EUCC scheme," emphasizes Schulze. "Thanks to our early notification, we can continue to guarantee the highest level of safety and continuity in the evaluation of their products."
Benefits and function of the EUCC scheme
The European Common Criteria Based Cybersecurity Certification Scheme (EUCC) is the new European certification system for the security of IT products. It is based on the internationally recognized Common Criteria (ISO/IEC 15408) and serves to harmonize IT security certifications within the EU. The aim is to create uniform standards for the evaluation and certification of products in order to strengthen cyber security and increase trust in digital technologies.
Manufacturers of IT security products, such as firewalls, smartcards or healthcare products, use the EUCC certification to prove the conformity of their products with high security standards - a requirement that is increasingly crucial for market access in Europe and beyond. "The EUCC scheme will create the basis for a uniform European level of trust in IT security products," explains Schulze. "Such certification will be an indispensable competitive advantage in the future, especially for internationally active manufacturers."
Outlook: Certification body for EUCC substantial in preparation
In addition to evaluation, SRC will also offer certification services under the EUCC scheme for the "substantial" assurance level in the near future. The accreditation and authorization of the certification body required for this are already at an advanced stage. "Our aim is to offer our customers a comprehensive range of services from a single source," explains Schulze. "With the future expansion to include certification services, we will be able to accompany and optimally support the entire EUCC certification process."
Source and further information: https://www.src-gmbh.de
