10
min reading time
The rapid advancement of connected medical devices has revolutionized the healthcare sector, particularly in vitro diagnostics (IVD). These devices are pivotal in disease detection and management, from genetic tests and blood glucose meters to infectious disease diagnostics, underpinning modern healthcare practices. The global IVD market is projected to grow significantly, with estimates predicting a compound annual growth rate (CAGR) of 5% to 7%, driven by advancements in connected diagnostic devices. While these innovations enhance diagnostic accuracy and operational efficiency, they also amplify cybersecurity risks, demanding urgent attention to device security. The growing connectivity of in vitro diagnostic devices exposes them to cybersecurity threats, posing risks to patient data, diagnostic accuracy, and operational continuity. This article explores the vulnerabilities of connected IVD devices, the significance of IVDR compliance, and strategies to safeguard against emerging cyber threats.
9
min reading time
As cyber threats become more sophisticated, businesses are compelled to implement rigorous protection strategies to stay compliant and secure. Certification labs, like CCLab, play a crucial role in supporting businesses with expert testing, assessment and comprehensive compliance services, and specialized training. These labs offer services ranging from security audits to penetration testing, ensuring businesses remain resilient against evolving cyber threats while meeting regulatory standards. This article explores the indispensable role of certification labs, highlighting how they enhance cybersecurity, ensure compliance, and support a safer digital landscape.
5
min reading time
This year, CCLab sponsored the opening reception of the International Common Criteria Conference (ICCC) in Qatar. Like in previous years, CCLab experts were present during the event meeting the most important stakeholders of Common Criteria. The ICCC is a highly prestigious professional event now in its 23rd year. It provides opportunities for networking and various forums to discuss CC policy and development. It is aimed at participants involved in the specification, development, evaluation, certification, and validation of IT security products and systems.
8
min reading time
In an era where digital threats grow in complexity and frequency, cybersecurity is no longer a secondary consideration but an essential part of manufacturing operations. Compliance with security standards offers manufacturers a structured approach to managing the growing risks of digital threats and securely handling sensitive data. Compliance also helps companies meet industry regulations, protect intellectual property, and avoid potentially devastating financial losses.
7
min reading time
The Industrial Internet of Things (IIoT) has transformed the manufacturing industry, enabling real-time monitoring, improved operational efficiency, and better decision-making processes. IIoT systems integrate industrial equipment with advanced data analytics and cloud connectivity, creating smarter, more autonomous industrial environments. However, the rise of IIoT systems has also introduced significant cybersecurity challenges. As more devices connect to networks, vulnerabilities and threats in manufacturing systems increase, requiring robust security measures to protect sensitive data and ensure operational continuity.
7
min reading time
The European Union's digital infrastructure is continuously evolving to facilitate secure, cross-border electronic transactions. In this context, two crucial frameworks—the eIDAS regulation and the Common Criteria standard—play pivotal roles. eIDAS (Electronic Identification, Authentication, and Trust Services) aims to unify and enhance electronic identification systems across the EU. Meanwhile, the Common Criteria standard offers a comprehensive framework for evaluating the security of IT products and systems.
8
min reading time
The rise of the Internet of Things (IoT) has revolutionized how we interact with technology. Consumer IoT devices are now deeply integrated into the fabric of modern life, from smart home appliances, wearable gadgets, and connected vehicles to health monitors and voice assistants. However, the increased connectivity provided by consumer IoT products also introduces a broader attack surface for cyber threats.
7
min reading time
As consumer IoT devices become more prevalent, ensuring their security is critical to protecting user data and maintaining trust in the expanding IoT ecosystem. One of the most recognized standards for securing these devices is ETSI EN 303 645, which provides a set of baseline requirements for safeguarding consumer IoT products. This standard, introduced by the European Telecommunications Standards Institute (ETSI), addresses common vulnerabilities in consumer IoT devices and establishes guidelines for manufacturers to create more secure, robust, and compliant products.
9
min reading time
The global market for radio equipment is rapidly expanding, driven by the increasing adoption of wireless technologies in various sectors. However, manufacturers looking to enter or sustain their presence in the European market must navigate the stringent requirements of Directive 2014/53/EU, commonly known as the Radio Equipment Directive (RED).
7
min reading time
The EUCC scheme, spearheaded by the European Union Agency for Cybersecurity (ENISA), was released in early 2024. It builds on the SOG-IS Common Criteria evaluation framework already used by 17 EU Member States.
11
min reading time
In today's interconnected world, the landscape of cybersecurity is continuously evolving. With the proliferation of digital technologies and the internet, businesses are increasingly exposed to cyber threats. The risks are numerous and ever-changing, from data breaches and malware attacks to phishing schemes and ransomware. In this context, identifying the best cybersecurity certifications that suit your business needs becomes crucial.
8
min reading time
ICT (Information and Communication Technology) products, encompassing a wide range of digital devices and software, are inherently vulnerable due to their complexity and the ever-present potential for undiscovered security flaws. The interconnected nature of these products further amplifies the risk, as a single vulnerability can lead to widespread security breaches across networks and systems. To mitigate these risks, the strategic integration of cybersecurity certification requirements in ICT products has become paramount.
10
min reading time
The new Common Criteria Scheme, called the European Cybersecurity Certification Scheme (EUCC), is essential for harmonizing high-security cybersecurity certification of ICT products across EU member states. It facilitates mutual recognition of certifications, supports innovation, and ensures compliance with legal requirements. Fully effective from February 2025, the EUCC aims to provide a unified and robust framework for evaluating IT products, boosting consumer trust, and fostering a more secure digital environment.
9
min reading time
The Radio Equipment Directive (RED) plays a pivotal role in the single market for radio equipment. It establishes a regulatory framework that promotes seamless trade, ensures product safety, and enhances consumer protection across the European Union. The inclusion of articles 3.3(d), 3.3(e), and 3.3(f) provides requirements for manufacturers on cybersecurity compliance, introducing new dimensions to the already comprehensive directive.
9
min reading time
Common Criteria (CC) is a globally recognized standard for evaluating and certifying the security features of eligible Information Technology (IT) products. Established through collaboration between multiple nations, CC provides a unified framework for assessing and comparing the security capabilities of IT solutions. This standardization ensures that products meet predefined security requirements, enhance consumer trust, and facilitate access to international markets.
2
min reading time
CCLab Ltd. has successfully completed the CBTL audit and obtained authorization as a CB Testing Laboratory (CBTL) under the international IECEE CB scheme. Based in Hungary, CCLab successfully extended its cybersecurity testing, evaluation, and certification capabilities officially on 24th May 2024, for consumer IoT devices compliant with ETSI EN 303 645 and industrial automation and control systems specialized in IEC 62443-4-1 /4-2 standards within the IECEE CB scheme. Certificates issued under the CB scheme are currently accepted in over 50 countries.
8
min reading time
In an era where cybersecurity hazards loom large, the European Union's updated Radio Equipment Directive (RED) represents a transformative shift in safeguarding wireless devices. This directive, with new delegated regulations effective from August 2025, mandates enhanced network protection, stringent personal data privacy measures, and proactive anti-fraud strategies for all wireless devices entering the EU market. Manufacturers are now challenged to integrate advanced security features into consumer IoT devices to meet these stringent requirements. Discover how these regulatory changes are shaping the future of wireless device cybersecurity and fostering a more secure and trustworthy digital environment for consumers across Europe.
9
min reading time
In cybersecurity, the Common Criteria (CC) is a cornerstone that provides a standardized framework for evaluating the security capabilities of eligible IT products. It is a vital tool for manufacturers seeking to assess the effectiveness and reliability of security solutions in the face of evolving threats. However, as technology advances at an unprecedented pace, the challenges faced by IT security professionals continue to grow. The new version of the CC (CC:2022 Revision 1) was published in November 2022.
7
min reading time
The Common Criteria certification stands as a cornerstone in cybersecurity, offering an internationally recognized benchmark for assessing the security attributes of eligible IT products. Recently, significant shifts have been noted in the landscape of Common Criteria, particularly in the transition from SOG-IS to EUCC. This transition, anticipated to have a profound impact, highlights the evolution of the certification scheme within the European Union.
5
min reading time
The NIS Directive was the EU's inaugural cybersecurity legislation, aiming to establish a unified high level of cybersecurity across Member States. Although it bolstered cybersecurity capabilities, its implementation encountered challenges, leading to fragmentation within the internal market. NIS2 becomes legally binding in 2024, with Member States having until October 17, 2024, to transpose the Directive into their national legislation.
9
min reading time
In today's digital landscape, where cybersecurity threats loom large, and trust is paramount, Common Criteria certification emerges as a beacon of assurance. This globally recognized standard sets the bar for IT product security, instilling confidence in customers, stakeholders, and regulatory bodies. Beyond mere validation, it serves as a shield against potential risks, fortifying organizations' defenses and fostering a culture of safety in the digital realm.
7
min reading time
Consumer IoT, or Consumer Internet of Things, represents a significant paradigm shift in our interaction with technology, promising enhanced efficiency and personalized experiences in our daily lives. However, alongside these promises come new challenges for developers and manufacturers, particularly in privacy, security, and regulation. Navigating this emerging landscape requires a comprehensive understanding of its potential and pitfalls.
9
min reading time
Businesses continually seek avenues to expand their market reach and drive profitability in the dynamic global commerce landscape. Among the myriad strategies available, leveraging international standards and certifications is paramount to facilitating market access. One such pivotal certification framework is the IECEE CB Scheme. In this comprehensive guide, we delve into the intricacies of the scheme, elucidating its significance, benefits, and the streamlined process it offers for accessing international markets with unparalleled efficiency.
6
min reading time
In today's interconnected world, the Internet of Things (IoT) has become an integral part of our daily lives, from smart homes to industrial automation. However, with the proliferation of IoT devices, security concerns have emerged as a significant challenge. In response to these challenges, the European Telecommunications Standards Institute (ETSI) developed the ETSI EN 303 645 standard, reshaping the landscape of consumer IoT cybersecurity.
8
min reading time
In the continually evolving cybersecurity landscape, ensuring the safety and reliability of Information and Communication Technology (ICT) products has become more crucial than ever. The European Common Criteria-based Cybersecurity Certification Scheme (EUCC) is a groundbreaking and indispensable scheme to meet this pressing need. Enacted within the Cybersecurity Act certification framework, the new scheme is a pioneering initiative to establish a unified certification framework for a diverse range of ICT products. This ambitious endeavor heralds a transformative era in cybersecurity practices throughout the European Union.
6
min reading time
We are pleased to present a comprehensive report on the achievements and milestones of last year, summarizing our journey in 2023. The successful integration with QIMA has opened a new chapter in our story, strengthening our strategic positions. Our mission was clear: coordinating synergies while introducing new services and further strengthening our market position. Meticulous planning and joint efforts resulted in a harmonious merger, and we celebrated our 10th anniversary in a spirit of innovation and growth.
5
min reading time
In the cybersecurity landscape, the Common Criteria Evaluation Assurance Level (EAL) is a critical factor in determining the security posture of a product. The EAL chosen for a product can significantly impact its security measures, evaluation processes, and user trust. This article delves into the importance of selecting the right EAL and the consequences of misjudgment and provides a step-by-step guide to aid in this crucial decision-making process.
8
min reading time
Ensuring the trustworthiness of IT products and systems is essential for users and the broader digital ecosystem. One critical aspect of this assurance comes from the evaluation and certification processes defined by the Common Criteria Protection Profile (CC PP) library. In this article, we delve into the significance of Protection Profiles in the certification process and explore some of the most common profiles contributing to information security's robustness.
11
min reading time
Common Criteria is a robust framework for evaluating and certifying the security features of IT products, with the Evaluation Assurance Level (EAL) serving as a crucial measure of security evaluation depth and rigor. In this article, we will explore the various Common Criteria security levels and their significance in ensuring the robustness of IT products.
6
min reading time
The annual International Conference on Common Criteria (ICCC) stands as a high-level technical conference. Celebrating its 21st year, this event provides a platform for professional networking and discussion forums on CC policy and implementation for those involved in the specification, development, assessment, certification, and validation of IT security for products and systems.
10
min reading time
Our new article will provide you with valuable information if you are considering getting your IT security product or technology CC-certified or if you are interested in knowing more about the Common Criteria evaluation process.
9
min reading time
Common Criteria Certification is pivotal in ensuring that the products we rely on remain resilient in an ever-evolving realm of cyber threats. It represents a dynamic standard that adapts to address emerging challenges, thereby compelling IT devices and systems to sustain their effectiveness against evolving threats. But what are the requirements that need to be met in order for a product to be CC certified? This article delves into the intricacies of Security Functional and Assurance Requirements for CC certification, shedding light on the essential aspects that define its significance.
4
min reading time
With the ever-increasing integration of wireless technology into our daily lives, ensuring the cybersecurity and safety of wireless devices has become a paramount concern. The European Commission addressed this issue by introducing the Delegated Regulation 2022/30. The new regulation enforces cybersecurity rules for consumer IoT radio equipment, replacing previous requirements in Article 3(3) of the RED Directive. This article will provide a thorough overview of the new directive, focusing on essential information required for achieving compliance during the transition period.
10
min reading time
The Industrial Internet of Things (IIoT) is revolutionizing the industrial landscape by enabling the seamless integration of machines, devices, sensors, and software systems. It leverages the power of connectivity and data analytics to improve operational efficiency, optimize resource utilization, enhance asset tracking and management, ensure quality improvement, increase safety, streamline decision-making, and drive automation. In this article, we explore the cost-saving advantages IIoT offers and the challenges and solutions associated with its implementation.
12
min reading time
In this insightful interview, Ferenc Molnár, founder and CEO of CCLab, discusses the critical importance of wireless device cybersecurity in today's digital landscape. The interview provides valuable insights into the importance of collective efforts in safeguarding our digital world and also delves into the upcoming regulatory changes, specifically the Radio Equipment Directive (RED), introduced by the European Union (EU).
12
min reading time
The proliferation of consumer IoT (Internet of Things) has brought numerous conveniences to our lives but has also introduced new cybersecurity challenges. In 2019, the European Telecommunications Standards Institute (ETSI) recognized this need and developed the ETSI EN 303 645 standard, the first global standard focusing on cybersecurity for consumer IoT devices. This article will explore the critical aspects of the ETSI EN 303 645 standard and its significance in protecting against potential cyber threats.
9
min reading time
With the advent of network-connected medical devices, healthcare has witnessed significant advancements, enabling remote monitoring and managing patient health. However, the increasing connectivity of medical devices has also brought growing concerns regarding cybersecurity breaches. In this article, we explore the severity of medical device cybersecurity issues, the importance of proper cybersecurity measures, and the regulations to address these concerns.
3
min reading time
CCLab reached an important milestone in 2023, as it celebrated its 10th anniversary on April 3. The entire team celebrated this significant event with a 2-day trip at the breathtaking Avalon Resort & Spa in Miskolctapolca at the beginning of May. This remarkable event was full of excitement, heartfelt moments, and learning, just as CCLab has been for the past 10 years.
11
min reading time
The Internet of Medical Things (IoMT) has transformed the healthcare sector worldwide by allowing continuous remote patient monitoring, real-time data collecting, and improved treatment results. According to a recent analysis by Grand View Research, Inc., the global IoMT market is predicted to reach USD 861.3 billion by 2030 and to increase at a 16.8% CAGR from 2023 to 2030.
3
min reading time
It has now become a tradition that each year JTSEC, an ITSEC consulting company, publishes the annual Common Criteria Statistics Reports, an all-in-one report that collects and analyses all kinds of data on various aspects of the Common Criteria market. We are delighted to share that this year CCLab has made it into the report once again, as we conducted the Common Criteria evaluation project of two products under the Italian Scheme (OCSI).
11
min reading time
The Industrial Internet of Things (IIoT) has emerged as a game changer for manufacturers and developers looking to optimize processes and increase the efficiency of different industries by establishing intelligent networks that connect equipment, sensors, and systems. In 2021, the global market for IIoT platforms and apps for manufacturing industries was estimated to be worth 4.4 billion US dollars. The market is predicted to expand in the following years, reaching 22.3 billion US dollars in 2025.
8
min reading time
According to IoT Analytics’s latest report, the number of worldwide Internet of Things (IoT) connections increased by 8% in 2021 to 12.2 billion active endpoints in May 2022. This was much lower growth than in the years preceding the COVID-19 epidemic. The slower increase was mostly due to supply concerns rather than demand, which remains high owing to all of the potential enabled by IoT devices and systems.
7
min reading time
In recent years, the Internet of Things (IoT) has grown from emerging technological innovations and inventions into devices and equipment that form part of our daily lives. Smart cars, office buildings, homes, and industries, as well as wearable devices and smart sensors, are ushering in a new era of digitization. However, there are sectors, such as healthcare, in which IoT is of particular importance.
6
min reading time
In parallel with the explosive development of digitalization and online work, worrisome statistics regarding cyberattacks are expanding yearly. The outbreak of the pandemic in 2020 significantly increased the wireless security risk and contributed even more to the success of cybercriminals, as many companies had to switch to the home office or hybrid work model almost overnight without any preparation.
9
min reading time
The latest version of the Network Device collaborative Protection Profile (NDcPP) was released in March 2020. NDcPP is currently one of the most popular and extensively used protection profiles among network device vendors and manufacturers seeking to get their products certified.
8
min reading time
According to Cynerio, a healthcare IoT cybersecurity company, 53% of connected medical equipment in hospitals has a known critical cybersecurity vulnerability. A third of bedside connected devices used in healthcare settings have an identified critical risk, which is definitely more worrying in terms of patient safety. This is just one of the many reasons why on 5th April 2017, the European Parliament voted to adopt the awaited Medical Device Regulation (MDR) and In vitro Diagnostic Regulation (IVDR). One of the most critical goals of the new Regulations is to strengthen medical device cybersecurity.
7
min reading time
According to the latest report from Upstream, a cybersecurity and data management platform for connected vehicles, the frequency of cyberattacks on cars increased 225% from 2018 to 2021. This data perfectly represents the importance of strengthening automotive cybersecurity for the entire industry. In our article below, we provide insight into this topic and its possible solutions. We explain why international cybersecurity standards and regulations are extremely important. Moreover, you can learn how we support automotive cybersecurity at CCLab.
6
min reading time
The global market for Smart Meters, estimated at US$10.5 billion in 2020, is predicted to grow at a CAGR of 6.7 percent, reaching US$15.2 billion by 2026. Based on the latest available data, U.S. electric utilities have about 102.9 million smart meter device (AMI) installations while 26.4 million homes and small businesses are equipped with smart and advanced meters in Great Britain.
6
min reading time
Smart meters are progressively being adopted globally for a variety of deployments, including electricity, gas, and water. Their two-way communication feature enables real-time tracking of utility usage by both the utility supplier and the consumer.
7
min reading time
Did you know that in the first half of 2021, 33.8% of Industrial Control Systems’ (ICS) computers were attacked, which is 0.4 percentage points (p.p.) higher than in H2 2020? This means that in the first 6 months of last year alone, over one-third of ICSs worldwide suffered some kind of cyber attack.
2
min reading time
It proved to be a good decision to continue our workshop on Common Criteria on 9th June 2022. Many professionals attended to get first-hand information and updates from the world of CC and there has also been a lot of interest in CCGuide, our new educational material.
9
min reading time
You probably heard about Common Criteria, but you might be unsure what it means and whether you should get your product or system certified. We will go into detail about this topic so that, in the end, the concept of Common Criteria is going to be perfectly clear.
5
min reading time
We all use certain computer products with their software and different applications installed. We never think about opening the window for cyber attacks, as we usually believe the software products are safe enough. During its research, a Google team found many vulnerabilities in software used by a great number of users.
3
min reading time
We continue our Common Criteria workshop series; join us on 9th June 2022! Insights and updates from the world of CC, as well as first-hand information and advice on preparation, will be shared with the attendees. CCGuide, a new supporting tool, will be introduced to developers who are willing to start a new Common Criteria certification project.
4
min reading time
Medical device cybersecurity solutions, MDR IVDR compliance. The latest article in our medical device cybersecurity related blog series has arrived. Today, we will explain the MDR compliance procedure and its possible complexities that everyone needs to know who has to conform with these regulations and obtain a CE certification.
2
min reading time
EUCC is a new certification scheme for ICT products that uses internationally recognized best practices and additional concepts used in Common Criteria. Read on to find out why this is needed and what to expect!
3
min reading time
The invited keynote speakers and our team members presented different points of view, which made for a really interesting workshop with nearly 40 participants from different parts of the world, representing a number of respected companies.
4
min reading time
Medical devices have been around for decades; however, they weren’t built with cybersecurity in mind. Even though these connected devices, like insulin pumps, pacemakers or smart MRI scans, are gaining popularity at an increasing speed, their security consideration still lags behind when compared to other IoT devices intended for industrial usage.
2
min reading time
Our aim is to share practical information and recommendations not only with those who are still planning a Common Criteria evaluation, but also with those who have already been involved in such a process.
6
min reading time
IoT healthcare devices are relatively new on the market, and they are gaining popularity at an ever-increasing speed. However, as medical device manufacturers are building devices with healing and state-of-the-art technology in mind, they frequently forget about the security of these tools.
3
min reading time
In 2017, Global Marketing Insights valued the market size of Asia Pacific Smart Water Metering at over USD 85 million and estimated that the annual installation rate will exceed 6 million units by 2024. A year later, in 2018, this number grew significantly.
4
min reading time
Cybercriminals are no longer seeking only to steal personal information, like credit card details from private individuals, but attempt to hinder or debilitate the operation of online infrastructures, which can cause serious upheaval in real life and is a matter of national security.
3
min reading time
Cybersecurity professionals have been warning the healthcare industry about the threat of exploitation of smart healthcare devices and doctors’ over-dependence on them, until sadly their warnings became reality and a person lost her life in a ransomware attack in a German hospital last year.
1
min reading time
Our professionals at CCLab are dedicated to contributing to the cybersecurity industry. Our aim is to help the profession by active participation in many professional forums, where our knowledge and experience could add value.
1
min reading time
As a member of the Ad Hoc Working Group, Gábor will represent CCLab and Hungary at the highest professional level. We proudly announce that our respected colleague, Mr Gábor HORNYÁK, was appointed by ENISA as one of the 20 international experts to work as a team and shape the first certification scheme following the European Cyber Security Act framework.