Data coverage

NenkinTracker aggregates Common Criteria and adjacent security-product certification data from official scheme sources, plus CVE data from the NVD. This page documents what we track, how often, and from where.

Certification schemes
7 plus NVD CVE linkage
Update cadence
Continuous (hourly polling)
Temporal coverage
1999–present
Access
Web app · API tiers

Sources

We fetch from each source's canonical portal and de-duplicate certificates across schemes using normalized certificate keys. Document (PDF) versions are content-addressed by SHA-256 to preserve a full revision history. Full per-scheme attribution and trademark acknowledgement lives on the data sources page.

  • Common Criteria (CCRA) — Common Criteria Recognition Arrangement

    Global CC-certified products and archived certificates across 31 CCRA member nations.

    https://www.commoncriteriaportal.org/
  • EUCC — ENISA — EU Cybersecurity Certification Scheme

    Products certified under the EU Cybersecurity Act's Common Criteria-based scheme.

    https://certification.enisa.europa.eu/
  • SESIP — SESIP® (GlobalPlatform)

    IoT and connected-device security evaluations under the SESIP methodology.

    https://globalplatform.org/sesip/
  • EMVCo — EMVCo® Security Evaluation

    Payment terminal, card, and mobile payment security approvals.

    https://www.emvco.com/
  • PSA Certified — PSA Certified™ (GlobalPlatform)

    IoT platform security certifications (Level 1, 2, and 3).

    https://www.psacertified.org/
  • MIFARE — MIFARE® (NXP Semiconductors)

    Contactless smart card product certifications referencing MIFARE technology.

    https://www.mifare.net/
  • ESA — Enabling Security Assessment

    ESA-scheme security assessments for connected products.

    https://www.enabling-security.org/
  • NVD CVEs — NIST National Vulnerability Database

    CVE records linked to certified products, refreshed continuously.

    https://nvd.nist.gov/

Methodology

  1. Fetch — Source-specific fetchers poll each scheme on a schedule, respecting rate limits and robots rules.
  2. Change detection — Artifact hashes are compared against the previous ingestion. Unchanged artifacts are skipped.
  3. Parse & normalize — Raw certificate data is parsed into a structured model with stable certificate keys for cross-scheme de-duplication.
  4. Product matching — Heuristic + rule-based matching links certificates to products and vendors, carrying context across revisions.
  5. Version — Documents (Security Targets, certification reports, maintenance reports) are stored versioned, addressable by content hash.
  6. Link CVEs — NVD CVE records are associated with certified products to surface vulnerability exposure over time.

Citing this data

If you reference NenkinTracker data in research, reports, or procurement documents, please cite:

Nenkin. NenkinTracker Security Certification Dataset. Retrieved from https://nenkin.io/data.