News
Check out and subscribe to our newsletters
What Are The Advantages of Cybersecurity Compliance for Manufacturers?
8
min reading time
In an era where digital threats grow in complexity and frequency, cybersecurity is no longer a secondary consideration but an essential part of manufacturing operations. Compliance with security standards offers manufacturers a structured approach to managing the growing risks of digital threats and securely handling sensitive data. Compliance also helps companies meet industry regulations, protect intellectual property, and avoid potentially devastating financial losses.
Securing IIoT Systems: An Analysis of Key Vulnerabilities and Threats in Manufacturing Industries
7
min reading time
The Industrial Internet of Things (IIoT) has transformed the manufacturing industry, enabling real-time monitoring, improved operational efficiency, and better decision-making processes. IIoT systems integrate industrial equipment with advanced data analytics and cloud connectivity, creating smarter, more autonomous industrial environments. However, the rise of IIoT systems has also introduced significant cybersecurity challenges. As more devices connect to networks, vulnerabilities and threats in manufacturing systems increase, requiring robust security measures to protect sensitive data and ensure operational continuity.
Enhancing eIDAS with Common Criteria: Security and Interoperability in the EU
7
min reading time
The European Union's digital infrastructure is continuously evolving to facilitate secure, cross-border electronic transactions. In this context, two crucial frameworks—the eIDAS regulation and the Common Criteria standard— play pivotal roles. eIDAS (Electronic Identification, Authentication, and Trust Services) aims to unify and enhance electronic identification systems across the EU. Meanwhile, the Common Criteria standard offers a comprehensive framework for evaluating the security of IT products and systems.
Consumer IoT and Cybersecurity: How to Implement a Secure Development Lifecycle for Products
8
min reading time
The rise of the Internet of Things (IoT) has revolutionized how we interact with technology. Consumer IoT devices are now deeply integrated into the fabric of modern life, from smart home appliances, wearable gadgets, and connected vehicles to health monitors and voice assistants. However, the increased connectivity provided by consumer IoT products also introduces a broader attack surface for cyber threats.
The Benefits and Challenges of Implementing ETSI EN 303 645 for Consumer IoT Devices
7
min reading time
As consumer IoT devices become more prevalent, ensuring their security is critical to protecting user data and maintaining trust in the expanding IoT ecosystem. One of the most recognized standards for securing these devices is ETSI EN 303 645, which provides a set of baseline requirements for safeguarding consumer IoT products. This standard, introduced by the European Telecommunications Standards Institute (ETSI), addresses common vulnerabilities in consumer IoT devices and establishes guidelines for manufacturers to create more secure, robust, and compliant products.
Navigating RED Directive 2014/53/EU: Compliance Strategies for Manufacturer Success
9
min reading time
The global market for radio equipment is rapidly expanding, driven by the increasing adoption of wireless technologies in various sectors. However, manufacturers looking to enter or sustain their presence in the European market must navigate the stringent requirements of Directive 2014/53/EU, commonly known as the Radio Equipment Directive (RED).
Common Criteria Assurance Levels: An Overview of the Evaluation Criteria and Methodology
7
min reading time
The EUCC scheme, spearheaded by the European Union Agency for Cybersecurity (ENISA), was released in early 2024. It builds on the SOG-IS Common Criteria evaluation framework already used by 17 EU Member States.
How to Choose the Best Cybersecurity Certifications for Your Business
11
min reading time
In today's interconnected world, the landscape of cybersecurity is continuously evolving. With the proliferation of digital technologies and the internet, businesses are increasingly exposed to cyber threats. The risks are numerous and ever-changing, from data breaches and malware attacks to phishing schemes and ransomware. In this context, identifying the best cybersecurity certifications that suit your business needs becomes crucial.
Strategic Integration of Cybersecurity Certificate Requirements in ICT Products
8
min reading time
ICT (Information and Communication Technology) products, encompassing a wide range of digital devices and software, are inherently vulnerable due to their complexity and the ever-present potential for undiscovered security flaws. The interconnected nature of these products further amplifies the risk, as a single vulnerability can lead to widespread security breaches across networks and systems. To mitigate these risks, the strategic integration of cybersecurity certification requirements in ICT products has become paramount.
How to Prepare and Apply for EUCC Certification for Your Product
10
min reading time
The new Common Criteria Scheme, called the European Cybersecurity Certification Scheme (EUCC), is essential for harmonizing high-security cybersecurity certification of ICT products across EU member states. It facilitates mutual recognition of certifications, supports innovation, and ensures compliance with legal requirements. Fully effective from February 2025, the EUCC aims to provide a unified and robust framework for evaluating IT products, boosting consumer trust, and fostering a more secure digital environment.
Challenges in Implementing the Radio Equipment Directive’s Cybersecurity Requirements
9
min reading time
The Radio Equipment Directive (RED) plays a pivotal role in the single market for radio equipment. It establishes a regulatory framework that promotes seamless trade, ensures product safety, and enhances consumer protection across the European Union. The inclusion of articles 3.3(d), 3.3(e), and 3.3(f) provides requirements for manufacturers on cybersecurity compliance, introducing new dimensions to the already comprehensive directive.
.webp)
The Impact of Common Criteria on ICT Security Evaluation and Certification
9
min reading time
Common Criteria (CC) is a globally recognized standard for evaluating and certifying the security features of eligible Information Technology (IT) products. Established through collaboration between multiple nations, CC provides a unified framework for assessing and comparing the security capabilities of IT solutions. This standardization ensures that products meet predefined security requirements, enhance consumer trust, and facilitate access to international markets.
Press Release: The first Hungarian cybersecurity laboratory has been established under the IECEE CB scheme
2
min reading time
CCLab Ltd. has successfully completed the CBTL audit and obtained authorization as a CB Testing Laboratory (CBTL) under the international IECEE CB scheme. Based in Hungary, CCLab successfully extended its cybersecurity testing, evaluation, and certification capabilities officially on 24th May 2024, for consumer IoT devices compliant with ETSI EN 303 645 and industrial automation and control systems specialized in IEC 62443-4-1 /4-2 standards within the IECEE CB scheme. Certificates issued under the CB scheme are currently accepted in over 50 countries.
How the Radio Equipment Directive Impacts the Cybersecurity of Wireless Devices in the EU
8
min reading time
In an era where cybersecurity hazards loom large, the European Union's updated Radio Equipment Directive (RED) represents a transformative shift in safeguarding wireless devices. This directive, with new delegated regulations effective from August 2025, mandates enhanced network protection, stringent personal data privacy measures, and proactive anti-fraud strategies for all wireless devices entering the EU market. Manufacturers are now challenged to integrate advanced security features into consumer IoT devices to meet these stringent requirements. Discover how these regulatory changes are shaping the future of wireless device cybersecurity and fostering a more secure and trustworthy digital environment for consumers across Europe.
CC2022: What to Expect from The New Update
9
min reading time
In cybersecurity, the Common Criteria (CC) is a cornerstone that provides a standardized framework for evaluating the security capabilities of eligible IT products. It is a vital tool for manufacturers seeking to assess the effectiveness and reliability of security solutions in the face of evolving threats. However, as technology advances at an unprecedented pace, the challenges faced by IT security professionals continue to grow. The new version of the CC (CC:2022 Revision 1) was published in November 2022.
Common Criteria Certification Process: Costs and Challenges
7
min reading time
The Common Criteria certification stands as a cornerstone in cybersecurity, offering an internationally recognized benchmark for assessing the security attributes of eligible IT products. Recently, significant shifts have been noted in the landscape of Common Criteria, particularly in the transition from SOG-IS to EUCC. This transition, anticipated to have a profound impact, highlights the evolution of the certification scheme within the European Union.
How to get ready for NIS2 Compliance?
5
min reading time
The NIS Directive was the EU's inaugural cybersecurity legislation, aiming to establish a unified high level of cybersecurity across Member States. Although it bolstered cybersecurity capabilities, its implementation encountered challenges, leading to fragmentation within the internal market. NIS2 becomes legally binding in 2024, with Member States having until October 17, 2024, to transpose the Directive into their national legislation.
Common Criteria Certification: How to Prepare and Apply
9
min reading time
In today's digital landscape, where cybersecurity threats loom large, and trust is paramount, Common Criteria certification emerges as a beacon of assurance. This globally recognized standard sets the bar for IT product security, instilling confidence in customers, stakeholders, and regulatory bodies. Beyond mere validation, it serves as a shield against potential risks, fortifying organizations' defenses and fostering a culture of safety in the digital realm.
Consumer IoT: The Opportunities and Risks of the Emerging Market for Smart Home and Wearable Devices
7
min reading time
Consumer IoT, or Consumer Internet of Things, represents a significant paradigm shift in our interaction with technology, promising enhanced efficiency and personalized experiences in our daily lives. However, alongside these promises come new challenges for developers and manufacturers, particularly in privacy, security, and regulation. Navigating this emerging landscape requires a comprehensive understanding of its potential and pitfalls.
How To Access International Markets Faster Through IECEE CB Scheme Certification
9
min reading time
Businesses continually seek avenues to expand their market reach and drive profitability in the dynamic global commerce landscape. Among the myriad strategies available, leveraging international standards and certifications is paramount to facilitating market access. One such pivotal certification framework is the IECEE CB Scheme. In this comprehensive guide, we delve into the intricacies of the scheme, elucidating its significance, benefits, and the streamlined process it offers for accessing international markets with unparalleled efficiency.
How ETSI EN 303 645 is Shaping the Future of consumer IoT Cybersecurity
6
min reading time
In today's interconnected world, the Internet of Things (IoT) has become an integral part of our daily lives, from smart homes to industrial automation. However, with the proliferation of IoT devices, security concerns have emerged as a significant challenge. In response to these challenges, the European Telecommunications Standards Institute (ETSI) developed the ETSI EN 303 645 standard, reshaping the landscape of consumer IoT cybersecurity.
EUCC: A New Cybersecurity Scheme for Evaluating and Certifying Products in Europe
8
min reading time
In the continually evolving cybersecurity landscape, ensuring the safety and reliability of Information and Communication Technology (ICT) products has become more crucial than ever. The European Common Criteria-based Cybersecurity Certification Scheme (EUCC) is a groundbreaking and indispensable scheme to meet this pressing need. Enacted within the Cybersecurity Act certification framework, the new scheme is a pioneering initiative to establish a unified certification framework for a diverse range of ICT products. This ambitious endeavor heralds a transformative era in cybersecurity practices throughout the European Union.
CCLab In Numbers 2023
6
min reading time
We are pleased to present a comprehensive report on the achievements and milestones of last year, summarizing our journey in 2023. The successful integration with QIMA has opened a new chapter in our story, strengthening our strategic positions. Our mission was clear: coordinating synergies while introducing new services and further strengthening our market position. Meticulous planning and joint efforts resulted in a harmonious merger, and celebrating our 10th anniversary in a spirit of innovation and growth.
Evaluation Assurance Level: How To Choose The Right Level of Security For Your Product
5
min reading time
In the cybersecurity landscape, the Common Criteria Evaluation Assurance Level (EAL) is a critical factor in determining the security posture of a product. The EAL chosen for a product can significantly impact its security measures, evaluation processes, and user trust. This article delves into the importance of selecting the right EAL and the consequences of misjudgment and provides a step-by-step guide to aid in this crucial decision-making process.
Common Criteria Protection Profile Library: A Repository of Trusted Security Standards
8
min reading time
Ensuring the trustworthiness of IT products and systems is essential for users and the broader digital ecosystem. One critical aspect of this assurance comes from the evaluation and certification processes defined by the Common Criteria Protection Profile (CC PP) library. In this article, we delve into the significance of Protection Profiles in the certification process and explore some of the most common profiles contributing to information security's robustness.
Common Criteria Evaluation Assurance Levels - From EAL 1 To EAL 4
11
min reading time
Common Criteria is a robust framework for evaluating and certifying the security features of IT products, with the Evaluation Assurance Level (EAL) serving as a crucial measure of security evaluation depth and rigor. In this article, we will explore the various Common Criteria security levels and their significance in ensuring the robustness of IT products.
CCLab’s report on ICCC 2023, Washington
6
min reading time
The annual International Conference on Common Criteria (ICCC) stands as a high-level technical conference. Celebrating its 21st year, this event provides a platform for professional networking and discussion forums on CC policy and implementation for those involved in the specification, development, assessment, certification, and validation of IT security for products and systems.
What are the main steps of Common Criteria evaluation?
10
min reading time
Our new article will provide you with valuable information if you are considering getting your IT security product or technology CC-certified or if you are interested to know more about the Common Criteria evaluation process.
Security Functional and Assurance Requirements for Common Criteria Certification
9
min reading time
Common Criteria Certification is pivotal in ensuring that the products we rely on remain resilient in an ever-evolving realm of cyber threats. It represents a dynamic standard that adapts to address emerging challenges, thereby compelling IT devices and systems to sustain their effectiveness against evolving threats. But what are the requirements that need to be met in order for a product to be CC certified? This article delves into the intricacies of Security Functional and Assurance Requirements for CC certification, shedding light on the essential aspects that define its significance.
Radio Equipment Directive: This is What it Involves
4
min reading time
With the ever-increasing integration of wireless technology into our daily lives, ensuring the cybersecurity and safety of wireless devices has become a paramount concern. The European Commission addressed this issue by introducing the Delegated Regulation 2022/30. The new regulation enforces cybersecurity rules for consumer IoT radio equipment, replacing previous requirements in Article 3(3) of RED Directive. This article will provide a thorough overview of the new directive, focusing on essential information required for achieving compliance during the transition period.
Unlocking Cost-Saving Advantages with Industrial IoT
10
min reading time
The Industrial Internet of Things (IIoT) is revolutionizing the industrial landscape by enabling the seamless integration of machines, devices, sensors, and software systems. It leverages the power of connectivity and data analytics to improve operational efficiency, optimize resource utilization, enhance asset tracking and management, ensure quality improvement, increase safety, streamline decision-making, and drive automation. In this article, we explore the cost-saving advantages IIoT offers and the challenges and solutions associated with its implementation.
Interview with Ferenc Molnár CEO of CCLab about the importance of RED Directive
12
min reading time
In this insightful interview, Ferenc Molnár, founder and CEO of CCLab discusses the critical importance of wireless device cybersecurity in today's digital landscape. The interview provides valuable insights into the importance of collective efforts in safeguarding our digital world and also delves into the upcoming regulatory changes, specifically the Radio Equipment Directive (RED), introduced by the European Union (EU).
Most Important Parts of ETSI EN 303 645 Standard: Enhancing Cybersecurity for Consumer IoT Devices
12
min reading time
The proliferation of consumer IoT (Internet of Things) has brought numerous conveniences to our lives but has also introduced new cybersecurity challenges. In 2019 the European Telecommunications Standards Institute (ETSI) recognized this need and developed the ETSI EN 303 645 standards, the first global standard focusing on cybersecurity for consumer IoT devices. This article will explore the critical aspects of the ETSI EN 303 645 standard and its significance in protecting against potential cyber threats
Medical Device Cybersecurity: Protecting Patient Safety and Privacy
9
min reading time
With the advent of network-connected medical devices, healthcare has witnessed significant advancements, enabling remote monitoring and managing patient health. However, the increasing connectivity of medical devices has also brought growing concerns regarding cybersecurity breaches. In this article, we explore the severity of medical device cybersecurity issues, the importance of proper cybersecurity measures, and the regulations to address these concerns.
Committed since 2013 to make the world a more secure place- Happy 10th Birthday CCLab!
3
min reading time
CCLab reached an important milestone in 2023, as it celebrated its 10th anniversary on April 3. The entire team celebrated this significant event with a 2-day trip at the breathtaking Avalon Resort & Spa in Miskolctapolca at the beginning of May. This remarkable event was full of excitement, heartfelt moments, and learning, just as CCLab has been for the past 10 years.
Internet of Medical Things - how to prepare your product for cybersecurity evaluation
11
min reading time
The Internet of Medical Things (IoMT) has transformed the healthcare sector worldwide by allowing continuous remote patient monitoring, real-time data collecting, and improved treatment results. According to a recent analysis by Grand View Research, Inc., the global IoMT market is predicted to reach USD 861.3 billion by 2030 and to increase at a 16.8% CAGR from 2023 to 2030.
Common Criteria Statistics Report 2022
3
min reading time
It has now become a tradition that each year JTSEC, an ITSEC consulting company, publishes the annual Common Criteria Statistics Reports, an all-in-one report that collects and analyses all kinds of data on various aspects of the Common Criteria market. We are delighted to share that this year CCLab has made it into to report once again, as we conducted the Common Criteria evaluation project of two products under the Italian Scheme (OCSI).
What is IIoT and which industries does it impact?
11
min reading time
The Industrial Internet of Things (IIoT) has emerged as a game changer for manufacturers and developers looking to optimize processes and increase the efficiency of different industries by establishing intelligent networks that connect equipment, sensors, and systems. In 2021, the global market for IIoT platforms and apps for manufacturing industries was estimated to be worth 4.4 billion US dollars. The market is predicted to expand in the following years, reaching 22.3 billion US dollars in 2025.
Consumer IoT security issues you should consider - and how to avoid them
8
min reading time
According to IoT Analytics’s latest report, the number of worldwide Internet of Things (IoT) connections increased by 8% in 2021 to 12.2 billion active endpoints in May 2022. This was much lower growth than in the years preceding the COVID-19 epidemic. The slower increase was mostly due to supply concerns rather than demand, which remains high owing to all of the potential enabled by IoT devices and systems.
Internet of Medical Things cybersecurity - it is more important than ever
7
min reading time
In recent years, the Internet of Things (IoT) has grown from arising technological innovations and inventions to devices and equipment that form part of our daily lives. Smart cars, office buildings, homes, and industries, as well as wearable devices and smart sensors, are ushering in a new era of digitization. However, there are sectors -such as healthcare-, in which IoT is of particular importance.
Wireless security risk: The importance of Bluetooth devices’ Common Criteria certification
6
min reading time
In parallel with the explosive development of digitalization and online work, worrisome statistics regarding cyberattacks are expanding yearly. The outbreak of the pandemic in 2020 significantly increased the wireless security risk and contributed even more to the success of cybercriminals, as many companies had to switch to the home office or hybrid work model almost overnight without any preparation.
NDcPP, the Common Criteria Protection Profile for Networked Devices
9
min reading time
The latest version of the Network Device collaborative Protection Profile (NDcPP) was released in March 2020. NDcPP currently is one of the most popular and extensively used protection profiles among network device vendors and manufacturers to get their product certified.
Medical Device Regulation - a brief overview from a cybersecurity perspective
8
min reading time
According to Cynerio, a healthcare IoT cybersecurity company, 53% of connected medical equipment in hospitals has a known critical cybersecurity vulnerability. A third of bedside connected devices used in healthcare settings have an identified critical risk, which is definitely more worrying in terms of patient safety. This is just one of the many reasons why on 5th April 2017, the European Parliament voted to adopt the awaited Medical Device Regulation (MDR) and In vitro Diagnostic Regulation (IVDR). One of the most critical goals of the new Regulations is to strengthen medical device cybersecurity.
We help with automotive cybersecurity - this is how
7
min reading time
Based on Upstream’s - a cybersecurity and data management platform for connected vehicles - latest report, the frequency of cyberattacks on cars increased 225% from 2018 to 2021. This data perfectly represents the importance of strengthening automotive cybersecurity for the entire industry. In our article below, we provide insight into this topic and its possible solutions. We explain why international cybersecurity standards and regulations are extremely important. Moreover, you can learn how we support automotive cybersecurity at CCLab.
Why is cybersecurity important in smart metering?
6
min reading time
The global market for Smart Meters, estimated at US$10.5 billion in 2020, is predicted to grow at a CAGR of 6.7 percent, reaching US$15.2 billion by 2026. Based on the latest available data, U.S. electric utilities have about 102.9 million smart meter device (AMI) installations while 26.4 million homes and small businesses are equipped with smart and advanced meters in Great Britain.
What is a smart metering device, and what kind of cybersecurity requirements does it have to comply with?
6
min reading time
Smart meters are progressively being adopted globally for a variety of deployments, including electricity, gas, and water. Their two-way communication feature enables real-time tracking of utility usage by both the utility supplier and the consumer.
How to protect your business' Industrial Control Systems?
7
min reading time
Did you know that in the first half of 2021, 33.8% of Industrial Control Systems’ (ICS) computers were attacked, which is 0.4% points (p.p.) higher than in H2 2020? This means that only in the first 6 months of last year, over one-third of ICSs suffered some kind of cyber attack in the world.
With great interest, we held the second part of our Common Criteria, The Security Passport workshop
2
min reading time
It proved to be a good decision to continue our workshop on Common Criteria on 9th June 2022. Many professionals attended to get first-hand information and updates from the world of CC and there has also been a lot of interest in CCGuide, our new educational material.
Common Criteria: can this article give you an answer to all of your questions?
9
min reading time
You probably heard about Common Criteria, but you might be unsure what it means and whether you should get your product or system certified. We will go into detail about this topic so that, in the end, the concept of Common Criteria is going to be perfectly clear.
What Can We Learn From Google Zero's Statistics about Flaw Remediation?
5
min reading time
We all use certain computer products with their software and different applications installed. We never think about opening the window for cyber attacks as we usually believe the software products are safe enough. During a research, Google team has found many vulnerabilities in software used by a great amount of users.
Common Critera, The Security Passport- Part 2.
3
min reading time
We continue our Common Criteria workshop series, join us on 9th June 2022! Insights and updates from the world of CC, so as first-hand information and advice on preparation will be shared with the attendees. CCGuide, a new supporting tool will be introduced to developers who are willing to start a new Common Criteria certification project.
MDR compliance 101: The MDR compliance procedure and its complexities Part 4.
4
min reading time
Medical device cybersecurity solutions, MDR IVDR compliance. The latest article in our medical device cybersecurity related blog series has arrived. Today, we will explain the MDR compliance procedure and its possible complexities that everyone needs to know who has to conform with these regulations and obtain a CE certification.
EUCC - A New Cybersecurity Scheme for the Certification of ICT Products in Europe
2
min reading time
EUCC is a new certification scheme for ICT products that uses internationally recognized best practices and additional concepts used in Common Criteria. Why this is needed and what to expect, read on!
We held our Common Criteria, The Security Passport workshop
3
min reading time
The invited keynote speakers and our team members presented different points of view and it has created a really interesting workshop with nearly 40 participants from different parts of the world, representing a number of respected companies.
MDR Compliance 101: Medical device vulnerabilities and their solution Part 2.
4
min reading time
Medical devices have been around for decades, however they weren’t built with cybersecurity in mind. Even though these connected devices, like insulin pumps, peacemakers or smart MRI scans gain popularity with an increasing speed, their security consideration still lags behind when compared to other IoT devices intended for industrial usage.
Common Criteria, The Security Passport: 1 topic from 4 perspectives
2
min reading time
Our aim is to share practical information and recommendations not only to those who are still be planning Common Criteria evaluation, but also those who have already been involved in such a process.
MDR compliance 101: Medical devices from cybersecurity point of view Part 1.
6
min reading time
IoT healthcare devices are relatively new on the market, and they are gaining popularity with an ever-increasing speed. However, as medical device manufacturers are building devices with healing and state-of-the-art technology in mind, they frequently forget about the security of these tools.
Booming demand for Smart Meters in APAC, but what about reliability & security?
3
min reading time
In 2017, Global Marketing Insights valued the market size of Asia Pacific Smart Water Metering at over USD 85 million and estimated that the annual installation rate will exceed 6 million units by 2024. A year later, in 2018, this number grew significantly.
European Union to regulate IT security of critical infrastructures
4
min reading time
Cybercriminals are no longer seeking to steal personal information only, like credit card details from private individuals, but attempt to hinder or debilitate the operation of online infrastructures that can cause serious upheaval in real life, and is a matter of national security.
How smart healthcare makes hacking a lethal weapon
3
min reading time
Cybersecurity professionals have been alarming the healthcare industry about the threat of exploitation of smart healthcare devices and the doctors’ over-dependence on them until sadly, their warnings became reality, and a person lost her life in a ransomware attack in a German hospital last year.
CCLab's professional contribution to the cybersecurity industry
1
min reading time
Our professionals at CCLab are dedicated to contributing to the cybersecurity industry. Our aim is to help the profession by active participation in many professional forums, where our knowledge and experience could add value.
Certification scheme under the Cyber Security Act
1
min reading time
Being a member of the Ad Hoc Working Group Gábor will represent CCLAB and Hungary on the highest professional level. We proudly announce that our respected colleague, Mr Gábor HORNYÁK was appointed by ENISA as one of the 20 international experts to work as a team and shape the first certification scheme following the European Cyber Security Act framework.
