Who it's for

Built for the full certification ecosystem.

Common Criteria certification doesn't stop the day the certificate issues. Maintenance reports land months later. Security Targets and certificate PDFs get quietly re-uploaded — sometimes without a maintenance report, sometimes with no disclosure at all. CVEs keep dropping on certified products for years.

NenkinTracker pulls every Common Criteria scheme into one continuously updated view, fingerprints every document the moment it's published, and tells you the day anything changes — disclosed or not.

Start free View pricing →

The four things manual tracking misses

These are the failure modes we hear most from teams tracking Common Criteria by hand. Each one has a concrete answer in NenkinTracker.

Most common pain

Post-release changes to certified documentation go undisclosed

Without a tracker

A certificate ships, then the scheme quietly re-uploads a modified Security Target or certificate PDF — sometimes without a maintenance report, sometimes with no disclosure at all. Unless you re-download every document on a schedule and diff them yourself, you never see it happen.

With NenkinTracker

Every published document is captured and fingerprinted by SHA-256 on a continuous schedule. When the bytes change — whether it's a formal maintenance report or a silent re-upload — the product gets a new document version with a timestamp, and followers are notified. Nothing ships quietly past you.

Seven scheme portals, seven update cadences, no single source of truth

Without a tracker

BSI, ANSSI, NIAP, SESIP, EUCC, MIFARE, PSA, ESA — each has its own portal, its own release pattern, its own document conventions. Stitching them together into one view is a manual job that never finishes. Your spreadsheet is stale the moment you save it.

With NenkinTracker

NenkinTracker ingests every scheme on a continuous schedule and normalizes them into a single product-centric model. One place. Always current. New certificates, new maintenance reports, new document versions, new CVEs — all reconciled against the product they belong to.

CVEs on certified products don't ping anyone

Without a tracker

NVD publishes a new CVE; a product in your catalog is affected. You find out weeks later from a support ticket, a Google alert, or a customer email.

With NenkinTracker

Linked CVE monitoring on every tracked product. New vulnerabilities on products you follow surface in notifications the day NVD publishes them.

Audit questions need document history you don't have

Without a tracker

“Which version of the Security Target was valid on the shipment date?” — a real audit question with no easy answer unless you version every PDF yourself.

With NenkinTracker

Full document version history with timestamps and scheme-attributed change events. Export audit-ready evidence for any product, any point in time.

Who uses NenkinTracker

The certification ecosystem has several distinct roles. NenkinTracker is designed to serve each of them on the same underlying dataset.

Product owners & vendors

Track your own certified products and the competitive landscape. Know the day a competitor certifies a comparable product, the day a maintenance report changes scope, or the day a CVE lands on one of your SoCs.

  • Follow your products, your competitors' products, and suppliers you depend on
  • Get notified on certificate status changes, new maintenance reports, and document updates
  • Export certificate timelines for customer and partner due-diligence requests

Certification bodies, evaluators & ITSEFs

Reference data for your evaluation work plus a live view of your own issued portfolio. See the full cross-scheme picture without toggling between national portals.

  • Search across CCRA, EUCC, SESIP, PSA, MIFARE, ESA and EMVCo in one query
  • Track the post-certification lifecycle of products you've evaluated — maintenance reports, document updates, and CVE exposure
  • Validate product lineage and protection profile conformance against historical data

CABs, NCCAs & national scheme bodies

Scheme-wide oversight without bespoke tooling. See what's active, what's expiring, what's withdrawn — across your scheme or across the CCRA network.

  • Live, filterable view of every active and expired certificate under your scheme
  • Audit trail of document changes and scheme-level events, preserved historically
  • Cross-scheme context when coordinating mutual-recognition questions with peer NCCAs

Consultants, advisors & procurement teams

Do your homework before an engagement or a purchase order. Every certified product, every version, every vulnerability — research-ready on day one.

  • Build and share product lists with clients or internal stakeholders
  • Check vendor claims against scheme-issued data, not marketing copy
  • Historical timelines for supplier risk and supply-chain certification assessments

See NenkinTracker with your own products

Free tier covers individual tracking. Paid tiers scale to vendor portfolios, CAB workflows, and NCCA oversight.

Get started — Free See the features →