CCguide Training Course
Subscribe to CCGuide! Learn how to write Developer Docs based on EUCC Common Criteria.
The EUCC has already entered
into force
Read our blog post on How to Prepare and Apply for EUCC Certification for Your Product
IoT Guide Training Course
The definitive guide to crafting Compliant IoT Devices and high-quality developer documentation for ETSI EN 303 645 Certification.
Companies who chose us
About CCLAB
Founded in 2013, CCLab Ltd. is an agile cybersecurity laboratory specializing in Common Criteria evaluations and consultations. Our cybersecurity lab has been accredited by OCSI (Certification Body of the Italian Scheme) since 2015 and BSI (Certification Body of the German Scheme) since 2022.
We have successfully executed numerous projects, with the scale and quality of evaluations consistently increasing each year.
In 2023 CClab joined the QIMA group, a global Testing, Inspection, and Certification player, operating in more than 100 countries from 60 offices and labs.
Our Cybersecurity solutions
Navigate the complex landscape of cybersecurity certifications
with expert guidance
Common Criteria Evaluation
ISO 15408 Common Criteria Compliance and Certification up to EAL4+ or EAL5.
Common Criteria Consultancy
Professional support to prepare for a successful Common Criteria evaluation saves you cost and effort.
Consumer IoT (ETSI EN 303 645) Cybersecurity
Comply with ETSI EN 303 645 standards, providing guidelines and expertise for the security of consumer Internet of Things (IoT) devices.
Smart Metering Cybersecurity
Data security solutions for smart metering system components with independent verification by out certified laboratory.
Radio Equipment Directive Cybersecurity Compliance
Learn more about the Radio Equipment Directive (RED) specifying cybersecurity requirements for radio equipment sold within the EU.
UK PSTI compliance
How to get your connected device compliant with the upcoming cybersecurity regulation in the UK, the Product Security and Telecommunications Infrastructure (PSTI) Act.
Industrial Control System Security
Cybersecurity evaluation and certification of industrial automation and control system based on ISA/IEC 62443-4-1 and 62443-4-2 standards.
Cybersecurity Certification
Get your IoT, IIoT device certified after successful evaluation and testing based on ETSI 3030 645 or IEC 62443-4-1, 62443-4-2.
.png)
Evaluation with
agility in mind
What does it mean?
Dedicated project leader, who understands the processes
No surprises at the end of the project,
Weekly/biweekly
status meetings
Emails are responded within one working day
Short iterations with immediate feedback
Understandable and solution-oriented observation reports
We intervene immediately in case of any minor problems
Track progress in monthly reports
Cybersecurity News
Is EUCC Enough? Addressing Gaps in European Cybersecurity Certification
7
min reading time
As Europe advances its digital transformation agenda, securing its technological infrastructure has become a top priority. At the center of this ambition lies the European cybersecurity certification ecosystem. Most notably, the European Cybersecurity Certification Scheme (EUCC). Designed to harmonize security assurance practices across EU member states, EUCC is the first concrete step under the EU Cybersecurity Act to create a unified framework for certifying ICT products and services. But while EUCC represents a major achievement in digital sovereignty, a crucial question remains: Is it enough? This article explores what the European Cybersecurity Certification does well, where its current limitations lie, and what additional steps are necessary to create a truly resilient cybersecurity landscape across Europe.
Cybersecurity in RED: Adapting to Article 3.3(d), (e), and (f) Requirements
9
min reading time
As the Internet of Things (IoT) continues to transform homes, workplaces, and industries, the cybersecurity risks associated with connected devices have grown exponentially. Recognizing this, the European Union has revised the Radio Equipment Directive (RED) to introduce critical cybersecurity provisions. In particular, Articles 3.3(d), (e), and (f) of the RED mandate manufacturers to design radio equipment that protects networks, ensures personal data privacy, and prevents fraud.These updates reflect a broader EU effort to safeguard digital ecosystems and align technological innovation with user trust and security. For manufacturers of wireless and radio-connected devices, understanding and implementing these cybersecurity requirements is no longer optional – it’s a regulatory obligation. For organizations like CCLab, which guide clients through Common Criteria (CC) evaluations and RED compliance, these changes highlight the growing intersection of product security and legal conformity.
The Future of EUCC Certification for ESG Software
8
min reading time
As the demand for corporate accountability continues to surge, Environmental, Social, and Governance (ESG) software has taken center stage in how companies collect, manage, and disclose sustainability data. With regulatory frameworks tightening across the EU and globally, ESG software vendors must now consider cybersecurity not just as a technical necessity but as a cornerstone of ESG integrity. At the heart of this transformation is the EUCC (European Union Cybersecurity Certification) framework—an emerging standard that ensures the secure design, deployment, and maintenance of digital products, including ESG platforms. In this article, we’ll explore why EUCC certification is becoming a critical benchmark for ESG software, how it reinforces security and compliance, and how CCLab can streamline the path to successful certification.
Meet us here
Join our captivating cybersecurity events to enhance your knowledge and engage with our team of experts.
EN 18031 Kiberbiztonsági szabványok, szakmai képzés
Internetkapcsolattal rendelkező rádióberendezésekkel vagy vezeték nélküli IoT eszközökkel dolgozik, és szeretné megtudni, hogyan felelhet meg a RED irányelv és a kiberbiztonsági harmonizált szabványok követelményeinek?
.jpg)
Evolving Cybersecurity Requirements under the Radio Equipment Directive – Watch On-Demand Now!
If you missed the live webinar on Evolving Cybersecurity Requirements under the Radio Equipment Directive (RED) on 28 May, you can still access the valuable insights shared. Experts Levente Cseh, Gergely Bakos, and Jonatán Bodo will guide you through compliance strategies, device security enhancements, and how to stay competitive in an increasingly connected market.
Testimonials
Kenneth Lasoski
Versa Networks
Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.
Thierry Bonda
Landis+Gyr
CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.
Jake Nelson
Corsec Security Inc.
The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.
Alexander Testov
AO Kaspersky Lab.
"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."
Dayton Marcucci
HID Global
The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.
Jaime Chica
NXP Semiconductors
It was a well-managed project which achieved success in an effortless manner.
Kalev Pihl
SK ID Solutions
We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.
Israr Ahmed
Ascertia Ltd.
On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.
Zsolt Rózsahegyi
I4P Informatics Ltd.
Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.