Common Criteria - Site Certification Services
The development and production sites of IT products can be evaluated and certified separately pursuant to the Common Criteria.
The operator of such a site can make an application at Germany's Federal Office for Information Security (German: Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI) to have a site certified pursuant to CC. Such site certification occurs, as a rule, with a view towards reusing the results in later certification processes for IT products that are developed or produced at this location. Site certifications make synergies in the product certifications possible if, for example, different products of the same type and possibly from different developing companies are produced at one site.
- CCDB-2007-11-001 Supporting Document Guidance - Site Certification, Version 1.1
- Joint Interpretation Library (JIL) - Minimal Site Security Requirements
The consideration of a site certificate in a product certificate occurs in the scope of the product evaluation in the case of the Common Criteria Lifecycle - ALC assurance class. The particular process rules for inclusion are defined in the specific AIS documents.
Site certificates are not automatically subject to the international recognition agreements, but their inclusion in the results of a site evaluation is supported in the scope of the agreements. The certification body concerned with inclusion makes the individual decisions.
Who should apply
- The ICT product developer;
- The ICT product manufacture. i.e., Wafer Fab., Inlay and Card Production...etc.
We provide but not limited to the following services to support your CC evaluation and certification:
- Site security preliminary assessment with scoping;
- Supporting on site certification preparation and documentation, i.e.,
- Site Security Target (SST);
- CC life-cycle support assurance (ALC).
Initiate and contact
The following information is required to initiate the service discussion:
- Development or production site plan
- Security controls implementation
(PGP Fingerprint: BE11 C1CC BFE2 A3A9 4929 3D1C 10FF C3BE A51C 92F7)