A working feed of every EUCC CAB issuance, plus the national CC certificates feeding it.

What an institutional account sees

• Every EUCC issuance from every accredited CAB - including peer CABs - with the underlying Security Target, Certification Report, and any Maintenance Reports as they publish, and version history when documents are republished.
• The national CC certificate that fed into it, where the EUCC certificate is a transition from a CCRA-recognised national evaluation. Linkage is carried as schemes publish it.
• CVE attribution against the TOE, sourced from NIST NVD and refreshed nightly, attached to the certificate impacted.
• Cross-scheme situational awareness across CCRA national schemes, SESIP, PSA Certified, EMVCo, MIFARE, and ESA - so transitions from a national CC track to EUCC, or onward to a sector-specific scheme, are visible in one feed instead of seven.
• Audit-ready timeline export with hashes - every document version archived with its source URL and fetch timestamp, retrievable as structured CSV / JSON.

Why a CAB or NCCA needs this

The EUCC scheme is decentralised by design - issuances are spread across multiple accredited CABs operating in different member states, with national CC certificates still in the pipeline behind them. Tracking what your peers have certified - and what national CC certificates are feeding into the transition - is operationally important, but no public registry provides it as a queryable, alerting feed. NenkinTracker fills that gap with a tool that already runs the daily ingestion infrastructure across every scheme in the EUCC ecosystem.

Built by people who help write the standard

NenkinTracker is built by Nenkin Technologies AS, a Norwegian (EEA) company. Co-founder Kjartan Kvassness Jæger spent six years as Technical Manager at the Norwegian national security authority and has represented Norway on the Common Criteria Development Board, the SOG-IS Joint Interpretation Working Group, and ISO/IEC JTC1 SC 27 / WG3 for over twenty years. He also runs Scandicert AS, providing high-assurance evaluation services to the Dutch CC scheme covering SESIP IoT and eIDAS QSCD work. The CAB / NCCA conversation is one Kjartan handles directly.

Read more about Nenkin and our team →

Frequently asked questions

What does NenkinTracker provide that an EUCC CAB cannot get from the official registry?

The official EUCC registry lists what each CAB has issued, but it does not expose document version history, link national CC certificates that fed into an EUCC issuance, or surface CVE linkage to the certified product. NenkinTracker indexes the EUCC registry alongside every CCRA national scheme, SESIP, PSA Certified, EMVCo, MIFARE, and ESA - so a CAB can see peer issuances, the source national certificates that preceded a transition, and any CVE published against the TOE in one feed.

How does the CAB / NCCA tier differ from the standard plans?

The tier provides full unlimited access for the institution: every product, every certificate, every scheme - with onboarding support and contractual terms tailored to public-body procurement. Standard plans (User, Professional, Enterprise) are designed for vendor and procurement-side workflows; the CAB / NCCA tier is shaped around situational-awareness needs that institutional users have.

Are NenkinTracker's data and processing aligned with EU expectations for an EUCC ecosystem tool?

NenkinTracker is built by Nenkin Technologies AS, a Norwegian (EEA) company. Document storage and processing run on EU/EEA infrastructure. The data sources we ingest are public scheme registries; we do not handle any classified or protectively-marked material. Specific contractual and data-handling terms can be tailored to your institution's procurement requirements as part of the onboarding conversation.

Can we pilot the platform before committing to a contract?

Yes. We work with CABs and NCCAs who want a six-month pilot window in exchange for honest feedback on the platform - the standard contracting template starts after that. Reach out via Kjartan to set up the pilot.