We are pleased to present a comprehensive report on the achievements and milestones of last year, summarizing our journey in 2023. The successful integration with QIMA has opened a new chapter in our story, strengthening our strategic positions. Our mission was clear: coordinating synergies while introducing new services and further strengthening our market position. Meticulous planning and joint efforts resulted in a harmonious merger, and celebrating our 10th anniversary in a spirit of innovation and growth.

Our Projects in 2023

Common Criteria Evaluation and Certification

In 2023, we effectively completed a total of 9 already certified and 2 finalized (certifications yet to be published) CC certification projects. We take pride in our collaboration with the following clients to facilitate the certification of their products:

• NXP / ID&Trust - IDentity Applet v3.4-p2/QSCD on NXP JCOP 4 P71 - EAL4+ (AVA_VAN.5)
• NXP / ID&Trust - IDentity Applet v3.4-p2/BAC on NXP JCOP 4 P71 - EAL4+ (ALC_DVS.2)
• NXP / ID&Trust - IDentity Applet v3.4-p2/PACE-EAC1 on NXP JCOP 4 P71 - EAL4+ (ALC_DVS.2, ATE_DPT.2, AVA_VAN.5)
• NXP / ID&Trust - IDentity Applet v3.4-p2/eIDAS on NXP JCOP 4 P71 - EAL4+ (ALC_DVS.2, ATE_DPT.2, AVA_VAN.5)
• Corsec/Qumulo, Inc. - Qumulo Core v5.1.1 - EAL2+ (ALC_FLR.2)
• Ascertia Ltd. - ADSS PKI Server v8 - EAL4
• Corsec / Ivanti, Inc.- Ivanti Security Controls 2022.2 (Version 9.5.9293.0) - EAL2+ (ALC_FLR.2) Versa Networks - Versa Operating System (VOS) 21.2.23 with OS Spack 20230511 running on Versa Cloud Service Gateways - EAL4+ (ALC_FLR.1)
• Tresorit - Tresorit Core Interface v5.0 - EAL4+ (AVA_VAN.5) conforme a CC Parte 3a

Other projects 

Besides Common Criteria consultation and evaluation projects, we successfully served clients in different other areas, such as METAS compliance services for smart metering devices for the Swiss market, IACS (Industrial Automation and Control system) compliance, consultation on IEC 62443 standard, MDR compliance services for medical device manufacturer and consumer IoT device cybersecurity services, product testings based on ETSI 303 645 standard. 

We successfully executed 2 CBTL audits and we have also performed several pentesting projects during 2023.

CCLab introduced new services

The constant evolution and change of cybersecurity drive us to provide our clients with services in many areas of cybersecurity compliance. Last year, we expanded our portfolio with consumer IoT device testing according to the ETSI 303 645 standard and RED (Radio Equipment Directive) cybersecurity compliance services. Downloadable materials have accompanied these to help customers find their way around. 

Consumer IoT Cybersecurity - ETSI EN 303 645

One of the key challenges in the IoT device market is cybersecurity. Because IoT devices are connected to a network, they are vulnerable to cyber attacks that can compromise the confidentiality, integrity, and availability of the device, and the information it processes.

Manufacturers must implement the requirements defined by the ETSI EN 303 645 standard in their products to get them certified. The ETSI EN 303 645 standard includes 33 cybersecurity requirements and 35 cybersecurity recommendations.

CCLab will support your documentation needs by providing you the templates of the DUT (Device Under Test) Identification, the  Implementation Conformance Statement (ICS), and the Implementation of Extra Information for Testing (IXIT), with guidelines on how to fill them out. We evaluate and test your product and issue an evaluation report and you can even get an IECEE CB certification of your product at the end of the project.

Radio Equipment Directive (RED) Compliance 

The Radio Equipment Directive 2014/53/EU (RED) establishes a legal framework for radio equipment by laying down essential electromagnetic compatibility, safety, health, and radio spectrum efficiency standards. New cybersecurity requirements were introduced and took effect on February 1, 2022, and will become mandatory on August 1, 2025, according to the latest decision of the European Commission. This gave manufacturers a 42-month transition period. CCLab helps prepare manufacturers for compliance until the effective date.

New educational downloadable materials

Free infographics and guides

In 2023, we introduced many downloadable materials to support our existing and potential clients with valuable, free professional materials concerning their cybersecurity needs. Our resources, catering to both beginners and experienced users, include ETSI EN 303 645 infographics, a product certification process briefing for consumer IoT manufacturers, and a comprehensive Guide for Radio Equipment Directive (RED) cybersecurity compliance. This material covers the RED directive's purpose, applicable devices, its importance, and guidance on how CCLab can assist with the upcoming deadline to meet the new cybersecurity requirements of the legislation. Additionally, we developed a subscription fee-based Common Criteria training course, called “CCGuide” for IT solution developers. The educational material includes Common Criteria-ready manufacturer document templates for all evaluation classes, explanatory videos, and other useful things to support the preparation for a Common Criteria certification project.

New cybersecurity webinar available on demand

QIMA and CCLab organized a joint webinar on consumer IoT in October 2023.  Mr. Levente Cseh, our Sales Manager, led an insightful webinar on Cybersecurity for Consumer IoT, and the cybersecurity requirements manufacturers must comply with based on ETSI 303 645 standards. The webinar is now available on-demand for free, after a simple registration on our website. Our on-demand QIMA webinar for Consumer IoT manufacturers addresses the latest regulations, challenges, and solutions in ensuring the security of consumer IoT devices, featuring insights on ETSI EN 303-645 standards, the global cybersecurity standard. ‍

Our participation in conferences in 2023

We recognize the significance of remaining abreast of ongoing industry advancements and we believe in continuous development on a personal and corporate level as well. In pursuit of this objective, we engage in continuous learning, developmental initiatives, and conference participation. These gatherings provide valuable opportunities to connect and exchange information with pivotal stakeholders in the market. Additionally, we express gratitude for the invitations to present at such conferences, considering it an honor to share our knowledge with fellow industry professionals. We have attended several informative conferences last year.

ISO/IEC 19790 Cryptographic Module Conference

Mr. Ferenc Molnár, CEO at CCLab joined a panel discussion at the ISO/IEC 19790 Cryptographic Module conference in Brussels on March 28, 2023. The panel aimed to stimulate debate among cryptography experts and promote the need for European-level cryptographic certification.

ICT Round-table Discussion

In September 2023 Mr. Ferenc Molnár, our CEO discussed data management at the ICT Global Tech Leaders conference. The roundtable focused on leveraging data strategically for decision-making, customer experience enhancement, and new business opportunities. Data protection and ethical considerations were key topics.

ICCC Conference, Washington DC 

Mr. Ferenc Molnár, our CEO, and Dr. Katalin Szűcs, COO and Head of Legal, represented CCLab in Washington DC from October 31 to November 2, 2023. The event facilitated discussions on topics like EUCC, EU5G, and AI. You can read a detailed report about the event on our website.

Celebrating CCLab’s 10th Anniversary

Last year was an exceptional year for CCLab, including the commemoration of the 10th anniversary of the founding of the company. Our team celebrated this important milestone with a multi-day event. The event was filled with excitement, heartfelt moments, and learning, mirroring the essence of CCLab's journey over the past 10 years.

10 years ago, CCLab was founded to enhance global cybersecurity. Since then, we've consistently grown and evolved, achieving numerous milestones. Grateful to our clients, colleagues, and partners for contributing to our success. We celebrated a decade of growth and eagerly anticipate the future.

Summary

Last year was filled with exciting new client projects and noteworthy developments for our organization. Our consistent distribution of B2B newsletters has been key in keeping our stakeholders informed about industry trends and our latest updates. Additionally, we've significantly expanded our library of free downloadable materials, offering a diverse range of resources such as important knowledge, and guides. This expansion reflects our commitment to empowering our audience with valuable insights. 

We are proud of the fact that our stable and prepared professional team is growing, while our experienced professional team is continuously developing and growing, and the atmosphere is getting more cheerful, and more and more people can say that we are strengthening the CCLab team. 

We are grateful to have gained the trust of more and more fantastic clients over the past year, either for re-evaluations of existing products or cybersecurity compliance projects for completely new solutions. Thank you for contributing to last year’s success. As we enter 2024, we are excited about the opportunities for growth and collaboration, continuing our mission.