Author: admin

The Impact of Common Criteria on ICT Security Evaluation and Certification

Common Criteria (CC) is a globally recognized standard for evaluating and certifying the security features of eligible Information Technology (IT) products. Established through collaboration between multiple nations, CC provides a unified framework for assessing and comparing the security capabilities of IT solutions. This standardization ensures that products meet predefined security requirements, enhances consumer trust, and facilitates access to international markets.

Impact on ICT Security Evaluation

Common Criteria significantly impacts ICT security evaluation by providing a standardized framework for assessing and certifying the security features of IT products and systems. This framework enhances the consistency, reliability, and objectivity of security evaluations, fostering trust and confidence in certified products. Common Criteria’s structured approach ensures that security requirements are clearly defined and met, ultimately contributing to improved cybersecurity practices and the overall resilience of IT solutions in the digital landscape.


Common Criteria’s emphasis on standardization is essential for promoting consistent and reliable security evaluations across various IT products and systems. Standardization involves establishing uniform methodologies and criteria that guide the evaluation process.

The Cybersecurity Act (CSA) provides the legal foundation of the EUCC: the CSA defines the general framework requirements, while the EUCC is a specific scheme within this broader framework. The EUCC leverages the Common Criteria framework. It incorporates evaluation assurance levels (EAL) and vulnerability assessment components (AVA_VAN) to determine the security robustness of ICT products.

It aims to ensure that all ICT products and services adhere to a unified security benchmark, enhancing trust and interoperability within the European cybersecurity landscape. The EUCC facilitates the adoption of secure technologies and promotes a harmonized approach to cybersecurity certification, benefiting businesses and consumers.


Challenges in Implementing the Radio Equipment Directive’s Cybersecurity Requirements

The Radio Equipment Directive (RED) plays a pivotal role in the single market for radio equipment. It establishes a regulatory framework that promotes seamless trade, ensures product safety, and enhances consumer protection across the European Union. The inclusion of articles 3.3(d), 3.3(e), and 3.3(f) provides requirements for manufacturers on cybersecurity compliance, introducing new dimensions to the already comprehensive directive.

The Radio Equipment Directive 2014/53/EU is a regulatory framework for placing radio equipment on the market. It sets fundamental requirements for safety and health, electromagnetic compatibility, and effective utilization of radio spectrum by these devices. However, adhering to the directive’s cybersecurity requirements can pose some challenges. In this article, we explore those challenges and provide guidance on how to overcome them.

The Importance of Harmonization
Harmonized standards are European standards developed by recognized European Standards Organizations such as CEN (European Committee for Standardization), CENELEC (European Committee for Electrotechnical Standardization), and ETSI (European Telecommunications Standards Institute). These provide the technical specifications necessary for products to comply with EU legislation, ensuring uniformity and facilitating seamless trade within the European single market.

Currently, there is no harmonized standard covering the cybersecurity aspects of the essential requirements of the Radio Equipment Directive. However, the standard ETSI EN 303 645 has been widely accepted by the industry and is also used as the state of the art by notified bodies for conformity assessment of consumer IoT devices. The EU Commission mandated CEN and CENELEC to prepare harmonized standards EN 18031-1, EN 18031-2, and EN 18031-3 that will cover the new cybersecurity requirements for the Radio Equipment Directive. These measures address various aspects of cybersecurity in the EU to ensure that radio equipment is secure, reliable, and compatible across different EU member states.

Furthermore, these measures are crucial in facilitating international trade and boosting economic activity. By providing a common framework, harmonized standards enable manufacturers to operate more efficiently, reduce costs associated with meeting multiple regulatory requirements, and enhance product reliability and safety. However, aligning with these regulations presents several challenges.
