Riscure provides security evaluations for the Common Criteria certification process with the Dutch Certification Body (NSCIB). We are mostly requested to do High Assurance evaluations (EAL4+ to EAL7+), and we can also work with all level of Assurance.
Our main expertise is on ICs, ICCs and Crypto Libraries, and we also evaluated other types of product (like Data Diodes). We can master all “architectural layers” of classical high secure solution technologies (like Smart Cards and similar devices) from the underlying Hardware and the Crypto Libraries, up to the Software level of the OS, Platforms and Applets.
We provide you with more efficiency, acquiring rapidly substantial input for our optimized Vulnerability Analysis. This is thanks to the in-house development of advanced tooling that allows us to achieve the same assurance objectives in a shorter amount of time.
Benefits of working with Riscure
Successful track record up to the highest Evaluation Assurance Level, EAL7+.
Possibility to combine Common Criteria and EMVCo certifications.
Flexibility and skills to combine different components and variants under the same evaluation.
Clear guidance to understand “what is needed and when” during the certification process.
Short lead times and flexible planning, allowing you to reach the market fast.
If you want to understand the Common Criteria process, improve the Security of your development process or understand the impact of security on your product, we can support you at any phase of your development cycle. Our focus is on empowering our customers to efficiently manage security on their own.
Riscure has the capacity and the capability to fully separate pre-certification and certification work: using security laboratory expertise for raising awareness on security-centric topics and providing feedback early in the design process are the most effective risk mitigation for developers. During a pre-certification you can investigate deeper the real resilience of your product: an attacker does not play along the rules, so aiming at the bare minimum in terms of security is a shortcut that opens the flank to potential risks. We are realistic in terms of attack potential and threats in the field, being at the same time creative to uncover weaknesses that would harm your product in the near future.