Kjartan Kvassness Jæger
Co-founder, Nenkin Technologies AS
Kjartan brings two decades of hands-on Common Criteria experience to the Nenkin editorial team. He spent 18 years at the Norwegian national security authority, the last six as Technical Manager of the country’s CC certification scheme, where he represented Norway in the Common Criteria Development Board, the SOG-IS Joint Interpretation Working Group, and ISO SC 27/WG3. Today he also runs Scandicert AS, providing high-assurance certification services to the Dutch government scheme for SESIP IoT platform certifications and eIDAS QSCD evaluations.
Kjartan is the editorial owner of the Nenkin blog and writes about Common Criteria certification, the EUCC framework, and the broader assurance scheme landscape that NenkinTracker tracks day to day.
Areas of expertise
- Common Criteria evaluation and certification
- High-assurance security certification
- Secure hardware: smart cards, SoCs, and Trusted Execution Environments
- SESIP IoT platform certification
- eIDAS QSCD certification for digital signatures
Posts by Kjartan Kvassness Jæger
CAB and Lab Independence in Common Criteria: When the Separation Matters Most
Why independence between the evaluation lab (ITSEF) and certification body matters in Common Criteria and EUCC, and how to apply ISO 31000-style risk assessment to combined lab/CB structures at substantial versus high assurance.
Anatomy of an EUCC Certificate: A Walkthrough of EUCC-3095-2026-01
An EUCC certificate from April 2026, taken apart piece by piece. Cert ID structure, NCCA versus CAB, the document set, EAL choice, and what is distinctive about EUCC compared with classical CCRA certificates.
April 2026 in Common Criteria: 31 New Certifications Across Five Schemes
A monthly recap of what got certified, who shipped it, and what we noticed in the document trail. Plus year-to-date context on a busy first four months of 2026.
Common Criteria in 2026 So Far: 243 Certifications, Heavy on Smart Card Silicon
Where the first four months of 2026 went in Common Criteria and adjacent schemes - issuance volume by month and scheme, top vendors, EAL distribution, and what the data tells us.
The Most-Used Protection Profiles in Common Criteria, by Product Count
Of the 267 Protection Profiles tracked in NenkinTracker, a small number account for the majority of certified products. Here is the head and the long tail.
What Actually Changes After a Product Is Certified
Field notes from monitoring document updates across seven certification schemes - from cosmetic PDF rewrites to substantive changes that arguably warrant re-evaluation.
Common Criteria vs EUCC: A Migration Guide for Vendors and Buyers
EUCC is the EU's regulatory Common Criteria scheme replacing SOG-IS. What changes, what stays the same, and how vendors and buyers should plan the transition.
How to Read a Common Criteria Certificate
A field guide to the parts of a Common Criteria certificate: what each line means, what to verify, and where the real scope of the evaluation actually lives.
SESIP vs Common Criteria: When to Choose Each
SESIP and Common Criteria both certify the security of IT products. They are not interchangeable. A practical comparison for IoT product makers, integrators, and procurement teams.
Which EAL Do I Need? A Procurement Decision Guide
Pick the right Common Criteria Evaluation Assurance Level by working from threat model and procurement requirements, not vendor marketing. A practical decision guide.
Common Criteria vs FIPS 140-3: What's the Difference?
Common Criteria and FIPS 140-3 are both IT security evaluation standards, but they serve different purposes. Learn when each applies and how they compare.
Guide to EAL Levels: What EAL2, EAL4, and EAL5+ Actually Mean
Evaluation Assurance Levels (EAL1-EAL7) determine how rigorously a product is tested under Common Criteria. Learn what each level requires and which one your procurement needs.
Common Criteria Certification Process Explained
A step-by-step guide to how Common Criteria certification works - from preparation to certificate issuance, including timelines, costs, and key participants.
EUCC: What the EU Cybersecurity Certification Scheme Means for Common Criteria
The EUCC brings Common Criteria-based certification under the EU Cybersecurity Act. Learn what changes, who is affected, and what it means for existing CC certificates.
Common Criteria Schemes by Country: BSI, ANSSI, NIAP, and Others
A reference guide to the major Common Criteria certification schemes worldwide - who runs them, what they certify, and how they differ.
Introducing the Nenkin Blog
Welcome to the Nenkin blog - your source for Common Criteria certification news, guides, and industry insights.