TryTRY
BuyBUY
  • newsletter
  • contact
  • corporate
  • careers
Utimaco
de
TRYour free HSM simulator
BUYget a quote
  • home
  • solutions
  • products
  • services
  • blog
  • downloads
  • partners
  • company

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
        • building trust in the cloud
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
        • the keys to building a platform of trust in cryptography
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
    • u.trust 360
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
        • building trust in the cloud
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
        • the keys to building a platform of trust in cryptography
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
    • u.trust 360
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research

Home / solutions / compliance / certifications & approvals / Common Criteria (CC)

Common Criteria (CC)

The Common Criteria (CC) certification standard reduce the need for multiple evaluations in international markets. As such, it limits cost and effort invested into certification processes. By relying on certified, high-quality products, companies can ensure they are implementing the most secure solutions possible.

The Utimaco CryptoServer Se-Series Gen2 is the only Hardware Security Module in the market that has CC-certification based on Protection Profile EN 419221-5. Find us on the official Common Criteria portal.

Utimaco certification

The importance of Common Criteria as internationally recognized evaluation standard for IT security products and components, such as HSM

The Common Criteria for Information Technology Security Evaluation (Common Criteria, CC) is an internationally recognized certification standard for the security of IT products and systems. It was developed by Canada, France, Germany, the Netherlands, the UK, and the U.S. in the mid-90s.

 

Common Criteria logo

The aim of these governments was to unify three major security evaluation standards and their criteria: the European ITSEC, the U.S. TCSEC and the Canadian CTCPEC. This way, products being sold into international markets should no longer be needed to be re-evaluated beforehand.

The Common Criteria Recognition Agreement (CCRA), signed in 2000, regulates mutually recognized CC certifications across different countries. Participants commit to rigorous and standardized evaluation processes to support the high level of confidence in certified products. They strive to reduce the need for multiple evaluations and hereby reduce cost and effort invested into certification processes. The number of evaluated IT products has been increasing since then.

Governments and private-sector enterprises often require Common Criteria evaluations. By relying on certified, high-quality products they can ensure they are implementing the most secure solutions possible. As a result, they can secure IT infrastructures in the most effective way possible and protect business-critical data.

Common Criteria and eIDAS

The U.S. government often relies on products that are listed by the National Information Assurance Partnership (NIAP). Being listed requires a Common Criteria certification. Similarly, the European eIDAS regulation requires a CC evaluation for electronic signatures to qualify as “qualified digital signatures”.

The Regulation N°910/2014 (eIDAS regulation) of the European Parliament and of the Council has triggered the definition of a new Protection Profile. The PP “Cryptographic Module for Trust Services” will be published as official standard EN 419221-5, and defines security requirements at an assurance level EAL4+.

Utimaco Hardware Security Modules is the only HSM in the market to have achieved CC certification

Applications such as authentication, electronic signatures and encryption require strong and securely managed cryptographic keys. HSMs offer the highest level of security when generating, storing, managing and decommissioning high-quality cryptographic keys.

The Utimaco CryptoServer Se-Series Gen2 is the only Hardware Security Module to have been CC-certified based on Protection Profile EN 419 221-5. With this evaluation, we are aiming to make sure that trust service providers (TSP) can offer eIDAS-compliant solutions to their customers.

Does your application require a CC-certified HSM? Get in touch with us at hsm@utimaco.com. We look forward to understanding your requirements and finding the appropriate solution.

Common Criteria key concepts and abbreviations you should be familiar with

  • The target of evaluation (TOE) is the product or system evaluated against CC requirements.
  • The general functionality and especially the security functional requirements (SFR) of the TOE are described in a security target (ST). This security target is preferably based on a recognized Protection Profile (PP), or may alternatively be freely defined by the TOE manufacturer.
  • PPs summarize functional and security requirements for a certain type of product, e.g. a smartcard or a Hardware Security Module (HSM). Or alternatively for a device with use case specific functionality, e.g. a postal security device. The purpose of this is to make multiple products and their certifications comparable with each other.

A CC evaluation verifies the target’s security features in order to confirm claims made about the target of evaluation in the security target.

To qualify and assess the confidence one can place in a product’s security features:

  • Security assurance requirements (SARs) describe the measures taken to ensure compliance of an IT product with the claimed security features or level.
  • Evaluation assurance levels (EALs) correspond to a group of SARs. They go from EAL 1 to EAL 7 and give insight into how extensively and rigorously an evaluation has been executed.
    • EAL 1 is the most basic level and the cheapest to implement.
    • EAL 7 is the strictest and most demanding level, related to higher cost and greater input required.

The CCRA, among others, determines that evaluations with evaluation assurance level up until EAL4 are mutually recognized across participating countries. More often than not, higher EALs will necessitate the inclusion of the national government’s specific requirements.

Stay on top of our news
Don’t miss out on any Utimaco updates

Partners

CewTec S.A. Clearkey Consulting - Utimaco Hardware Security Modules Partner Softline Solutions GmbH Compumatica secure networks B.V. IQuantics Corp CEGA Security Nexus - Utimaco Hardware Security Modules Partner Throughwave (Thailand) Co.,Ltd - Utimaco Hardware Security Modules Partner Utimaco HSM - QuintessenceLabs Compumatica secure networks GmbH Fortiedge Pte Ltd. Cryptomathic GmbH VAR Group SpA - Utimaco Hardware Security Modules Partner Altacom UAB Komar Consulting Inc. - Utimaco Hardware Security Modules Partner Fornetix - Utimaco Hardware Security Modules Partner Cyber Armor Pte Ltd CREAplus Italia S.r.l Envoy Data Corporation - Utimaco Hardware Security Modules Partner Utimaco HSM - PTESA_profesionales en transacciones electronicas Abrantix AG Nexus Technology GmbH MALKOM D.Malińska i Wspólnicy s.j. Cryptomathic A/S Rohde & Schwarz Cybersecurity GmbH Safesoft Kft. Astel (UK) Ltd. - Utimaco Hardware Security Modules Partner MIcrosec JJNet International Co., Limited - Utimaco Hardware Security Modules Partner PKI Solutions Inc. cv cryptovision GmbH Synergy Computers (Pvt.) Ltd. - Utimaco Hardware Security Modules Partner Telegrupp AS Primekey Solutions AB Cryptomathic Inc. EUROPEAN DYNAMICS SA. Cogito Group Pty Ltd MTG - Utimaco Hardware Security Modules Partner CertiSur S.A. AKEA S.A. - Utimaco Hardware Security Modules Partner ESYSCO Sp. z o.o. Secure Source Distribution (M) Sdn Bhd - Utimaco Hardware Security Modules Partner PETA (Thailand) Co., Ltd. Versasec intarsys AG CREA plus d.o.o. Encryption Consulting LLC Real security d.o.o. Utimaco HSM - InfoGuard Swiss Cyber Security Thomas-Krenn.AG Skytech Computing Solutions Limited. - Utimaco Hardware Security Modules Partner Perceptus-sp.-z-o.-o. PrimeKey Labs GmbH E-Sign S.A. Ascertia - Utimaco Hardware Security Modules Partner Microexpert Limited Macroseguridad Baas Control s.r.o. Nexus - Utimaco Hardware Security Modules Partner SecureMetric Technology Sdn. Bhd.
Find a partner

Share this page

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco

  • support
  • corporate
  • careers
  • legal
  • terms & conditions
  • privacy
  • cookie-policy
© 2021
to top
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
        • building trust in the cloud
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
        • the keys to building a platform of trust in cryptography
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
    • u.trust 360
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research