3
min reading time
It has now become a tradition that each year JTSEC, an ITSEC consulting company, publishes the annual Common Criteria Statistics Reports, an all-in-one report that collects and analyses all kinds of data on various aspects of the Common Criteria market. We are delighted to share that this year CCLab has made it into to report once again, as we conducted the Common Criteria evaluation project of two products under the Italian Scheme (OCSI).
We have been eagerly waiting to discover what turns the Common Criteria market took in the previous year, and the report has unveiled some surprising points for us. According to the 2022 Common Criteria Statistics Report, there was a slight decrease in the number of certified products last year, with only 370 products receiving a certification, whereas in 2021 there was a record-high number of certifications, reaching 399. In this article, we highlight the significant findings of the report and show the possible reasons behind them.
Meanwhile, 2021 was the year of record-breaking numbers, and the output of 2022 slightly decreased compared to the year prior. The overall historical shows that Common Criteria certifications have been growing from 2018 to 2021. The slight decrease in 2022 suggests that the number of certifications has stabilized on the market.
In 2022, 162 high assurance evaluations (EAL4-EAL7) were carried out, almost reaching the previous year’s volume. The above data shows that the number of high assurance evaluations has stagnated for EAL 4, EAL 5, and EAL 7, while the number of certified products decreased in the low assurance levels.
Products that were certified using low assurance represented 18,65% of all the evaluations last year, which is 4% lower than the percentage in 2021. The rate of high-assurance evaluations had also increased from 41.12% to 44%, meaning that while the number of certifications was lower in 2022 than the year before, there was a higher rate of high-assurance evaluations.
On the other hand, the trend to use Protection Profiles on evaluations has been even larger in 2022. Certifications using a Protection Profile with no EAL assigned were very frequent in 2022. In total, 139 products were certified with a Protection Profile without assigned EAL, representing 37,57% of all certifications in 2022. The statistic for top-used PPs shows that the Protection Profile for Network Devices was the most used in 2022, with 46 certified products.
The Common Criteria Statistics Report of 2022 enables us to better visualize the trends in the market throughout the year and hence estimate its future behavior. In 2022 there was a mild decline in the number of certifications and it is difficult to have a clear conclusion why this happened exactly. In 2023 we are looking forward to continuing the evaluations and hence contributing to the development of the sector.
In case you have questions about the Common Criteria evaluation procedure, don’t hesitate to get in touch with us!
Learn everything you need to know for a successful Common Criteria certification project. Save costs and effort with your checklist.
This downloadable infographics introduces the Common Criteria Evaluation process to you. Explore now for free.
Get your FREE A-Z supporting material for smart meter security standards. Learn more about the Swiss METAS data security evaluation projects of smart metering devices.
As cyber threats become more sophisticated, businesses are compelled to implement rigorous protection strategies to stay compliant and secureCertification labs, like CCLab, play a crucial role in supporting businesses with expert testing, assessment and comprehensive compliance services, and specialized training. These labs offer services ranging from security audits to penetration testing, ensuring businesses remain resilient against evolving cyber threats while meeting regulatory standards. This article explores the indispensable role of certification labs, highlighting how they enhance cybersecurity, ensure compliance, and support a safer digital landscape.
9
min reading time
This year, CCLab sponsored the opening reception of the International Common Criteria Conference (ICCC) in Qatar. Like in previous years, CCLab experts were present during the event meeting the most important stakeholders of Common Criteria. The ICCC is a highly prestigious professional event now in its 23rd year. It provides opportunities for networking and various forums to discuss CC policy and development. It is aimed at participants involved in the specification, development, evaluation, certification, and validation of IT security products and systems.
5
min reading time
In an era where digital threats grow in complexity and frequency, cybersecurity is no longer a secondary consideration but an essential part of manufacturing operations. Compliance with security standards offers manufacturers a structured approach to managing the growing risks of digital threats and securely handling sensitive data. Compliance also helps companies meet industry regulations, protect intellectual property, and avoid potentially devastating financial losses.
8
min reading time