Laboratory
ITSEF Laboratory (IT Security Evaluation Facility)
The ITSEF Laboratory conducts security evaluations of products in areas such as information technology, energy and smart power grids, smart metering, industrial automation and control systems, automotive, Internet of Things (IoT), Industrial Internet of Things (IIoT), telecommunications networks, public administration, and critical infrastructure components.
The goal of the assessments is to verify the effectiveness of the security measures applied in the product and to evaluate the product’s documentation according to the evaluation criteria defined in the Common Criteria standard.
The evaluations are carried out with the level of detail and rigor specified for the required Evaluation Assurance Level (EAL), for which a certificate is issued. The evaluation is conducted at assurance levels ranging from EAL 1 to EAL 4.
The higher the specified EAL, the more rigorous the evaluation process, the more thorough the vulnerability analysis, and the higher the attack potential used in the penetration tests.
The evaluations include security assessment, design documentation and security architecture review, product manufacturing environment audit, security function testing, vulnerability analysis, and penetration testing.
Depending on the product and the chosen EAL, the evaluations last from 2 to 8 months.
Products subject to evaluation fall into the following areas:
- Industrial infrastructure – components of industrial automation and control systems: programmable controllers, SCADA systems, HMI, RTU, smart metering sensors, IIoT components
- Network infrastructure – switches, firewalls, gateways, cybersecurity probes, data diodes, wireless network components
- IT infrastructure – security incident detection software, antivirus systems, operating systems, and databases
- Identification and authentication – HSM solutions, devices and software for electronic signatures, smart cards, and processors
- Certification costs comparable to other European laboratories
- The entire certification process conducted within the Polish certification program based on documentation in Polish
- Access to consultations and training led by Polish specialists
- Security assessment performed by an independent and impartial third party in a laboratory accredited by PCA
- Product security certificate issued within the Polish certification program by a Certification Body operated by the Research and Academic Computer Network (NASK – PIB)
- Certificate internationally recognized under the CCRA and SOG-IS agreements
- Publication of certification information on the international Common Criteria portal (https://www.commoncriteriaportal.org/products/)
- Publication of certification information on the Certification Body’s portal (https://www.nask.pl/pl/dzialalnosc/certyfikacja/wykaz-certyfikatow/3766,Wykaz-certyfikatow.html)
- Customer support in preparing the product for evaluation and consultations on developing the Security Target and product documentation
- Introductory training on the Common Criteria standard
- Implementing best practices in the design of secure IT products
- Increased product competitiveness in domestic and international markets
- Increased customer trust in certified products
Service recipients
The laboratory’s offer is aimed at manufacturers of IT products in the form of software, hardware components, and hardware-software solutions that incorporate any IT security measures designed to protect the data processed and stored in these products.
Accreditation by the Polish Centre for Accreditation
No. AB 1781