Product safety is critical for device manufacturers. Common Criteria guarantees that certified products meet an agreed high safety standard that is recognized by more than 30 countries around the world.
Manufacturers wishing to obtain the Common Criteria certificate can start the certification process with the ITSEF Laboratory (IT Security Evaluation Facility) operating within the Łukasiewicz - EMAG institute structures.
The ITSEF (IT Security Evaluation Facility) Laboratory carries out security evaluation of IT products, both software and hardware, in the following application domains: information technology, power engineering and intelligent power engineering networks, intelligent metering, industrial automation and control systems, motor industry, Internet of Things (IoT), telecommunication networks, public administration, critical infrastructure elements.
The IT product security assessments are carried out in accordance with the family of international standards dealing with IT security evaluation ISO/IEC 15408, commonly known as Common Criteria. Security testing is performed in compliance with the requirements of CCRA (Common Criteria Recognition Arrangement) and SOG-IS MRA (Senior Officials Group –Information Systems Security Mutual Recognition Agreement of Information Technology Security Evaluation Certificates).
The efficiency of security measures applied in an IT product is verified during an independent assessment process performed by qualified evaluators with the use of specialized equipment and tools. Within this process the product documentation is examined, its development environment is audited, functional tests are performed along with vulnerability analysis and penetration tests. The evaluation is carried out with the degree of detail and rigour defined according to the assumed EAL (Evaluation Assurance Level), with the use of ISO/IEC 18045 (CEM – Common Evaluation Methodology)
According to the requirements of PN-EN ISO/IEC 17025, the accredited ITSEF Laboratory ensures independence and impartiality of the performed tests. The Laboratory guarantees confidentiality of the client's documentation and the test results. This is achieved thanks to the application of state-of-the-art technical security measures, limited access to the Laboratory (only for authorized personnel), a separate IT network for data storage, as well as the use of rigorous procedures stipulated by the applied quality management and security management systems.
The unit offers support services such as compliance tests, attestation and technical opinions. In addition, producers can benefit from certification processes.