CC Certification

The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.

Common Criteria provides assurance that IT security products have been specified and evaluated in a rigorous and repeatable manner and at a level commensurate with the target environment for use.

Originally developed to unify and supersede national IT security certification schemes from several different countries, including the US, Canada, Germany, the UK, France, Australia and New Zealand. Common Criteria is now the widest available mutual recognition of secure IT products.

Thales delivers security products that have been tested and certified against the rigorous Common Criteria standard, helping you comply with regulations while also giving you the confidence you need in your security solution.

Overview
Thales Compliance Overview
Product Compliance Details

Security Standard

Common Criteria certified solutions are required by governments and enterprises around the world to protect their mission-critical infrastructures. Common Criteria is often a pre-requisite for qualified digital signatures under the European Union digital signature laws. Additionally, U.S. Government customers frequently request products that are National Information Assurance Partnership (NIAP) listed, which requires CC certification.

The Common Criteria standard provides an assurance on different aspect of the product security covering areas such as:

Development of the product and related functional specification, high-level design, security architecture and or implementation design
Guidance of the product and related manual for the secure deployment and preparation of the product
Life-cycle of the document and all related process applicable during the creation of the product such as configuration management or secure development process and tools used to the deployment and retirement of the product with the life-cycle design and delivery process
Supporting security policy documentation
Tests of the product and particularly coverage of the functional security requirement
Vulnerability assessments

Certification Authorities

Common Criteria is an international standard (ISO/IEC 15408). The Common Criteria Development Board managed the technical work program for the maintenance and ongoing development of the CC set of documentation.

Two majors recognition agreements exist in the Common Criteria:

Common Criteria Recognition Arrangement (or CCRA) that comprises 28 countries across all continents, and recognizing the the certification Common Criteria up to the level EAL 2 of secure IT products by the CCRA authorizing members
Senior Official Group – Information Systems Security (or SOG-IS) that comprises 15 countries from Europe, and recognizing the certification Common Criteria up to the level EAL 7 of secure IT products depending on the level of the SOG-IS members

Thales Support for the Common Criteria Standard

Vormetric Data Security Manager Module (DSM)

The Vormetric Data Security Manager V6000 has been certified by the National Information Assurance Partnership (NIAP) to the Common Criteria security standard using the NIAP Protection Profile PP ESM PP PM v2.1 Enterprise Security Management – Policy Management Version 2.1.

Find the certificate here and the report here.

Please find a summary of Thales products that are certified to Common Criteria and other standards below.

Download Certification Tables

Vormetric Data Security Platform - Data Sheet

As security breaches continue to happen with alarming regularity and data protection compliance mandates get more stringent, your organization needs to extend data protection across more environments, systems, applications, processes and users. With the Vormetric Data Security...

Partners Resources Blogs Sentinel Drivers

Common Criteria Certification