Security Regulation and policies
In many sectors products MUST comply with standards. When standards are open and freely accessible, this can reduce security risks. Open standards also mean that compliance can be made more transparent, especially when compliance reports are also openly published.
The Common Criteria for Information Technology Security Evaluation (CC)
If you want to launch a product in many countries and want to make sure you follow all regulations per country, a smart thing to do is to make use of the Common Criteria checks.
The Common Criteria for Information Technology Security Evaluation (CC), and the companion Common Methodology for Information Technology Security Evaluation (CEM) are the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA), which ensures that:
Products can be evaluated by competent and independent licensed laboratories so as to determine the fulfilment of particular security properties, to a certain extent or assurance;
Supporting documents are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies;
The certification of the security properties of an evaluated product can be issued by a number of Certificate Authorizing Schemes, with this certification being based on the result of their evaluation. These certificates are recognized by all the signatories of the CCRA.
More information is available at https://www.commoncriteriaportal.org/