Nenkin Wiki - Common Criteria Knowledge Base Updates

Nenkin Wiki - Common Criteria Knowledge Base UpdatesUpdates to the Nenkin Wiki: Common Criteria, EAL levels, Protection Profiles, and the certification scheme landscape.https://nenkin.io/Beyond Common Criteria: SESIP, PSA, ESA, EMVCo, and MIFAREhttps://nenkin.io/wiki/non-cc-certification-schemes/https://nenkin.io/wiki/non-cc-certification-schemes/The non-CC certification schemes that matter for IoT, payment, and chip-platform security - and how they relate to Common Criteria.Tue, 05 May 2026 00:00:00 GMTSecurity Target (ST) - Common Criteria Document Typehttps://nenkin.io/wiki/security-target/https://nenkin.io/wiki/security-target/What a Security Target is, how it differs from a Protection Profile, and what each section of an ST contains under Common Criteria (ISO/IEC 15408).Wed, 29 Apr 2026 00:00:00 GMTCommon Criteria Certificate Validity and Expiryhttps://nenkin.io/wiki/cc-certificate-validity/https://nenkin.io/wiki/cc-certificate-validity/How long Common Criteria certificates last, what happens when they expire, and how schemes handle archived, withdrawn, and re-evaluated certificates.Wed, 29 Apr 2026 00:00:00 GMTEUCC vs CCRA - How the Two Common Criteria Frameworks Relatehttps://nenkin.io/wiki/eucc-vs-ccra/https://nenkin.io/wiki/eucc-vs-ccra/EUCC is the EU's regulatory Common Criteria scheme; CCRA is the international mutual-recognition arrangement. They share the same standard but differ on scope, governance, and recognition.Wed, 29 Apr 2026 00:00:00 GMTOCSI - Italy's Common Criteria Schemehttps://nenkin.io/wiki/schemes/ocsi/https://nenkin.io/wiki/schemes/ocsi/OCSI (Organismo di Certificazione della Sicurezza Informatica) is Italy's national Common Criteria certification body, operating under the Italian Cybersecurity Agency (ACN).Wed, 29 Apr 2026 00:00:00 GMTCCN - Spain's Common Criteria Schemehttps://nenkin.io/wiki/schemes/ccn/https://nenkin.io/wiki/schemes/ccn/CCN (Centro Criptológico Nacional) is Spain's national Common Criteria certification body, operated under the Spanish National Intelligence Centre (CNI).Wed, 29 Apr 2026 00:00:00 GMTEAL1 - Functionally Testedhttps://nenkin.io/wiki/eal/eal1/https://nenkin.io/wiki/eal/eal1/EAL1 is the lowest Common Criteria assurance level: independent confirmation that a product behaves as documented. Suitable when threats are low and trust in the vendor is adequate.Mon, 20 Apr 2026 00:00:00 GMTCommon Criteria Glossaryhttps://nenkin.io/wiki/glossary/https://nenkin.io/wiki/glossary/Definitions of Common Criteria (ISO/IEC 15408) terms: EAL, PP, ST, TOE, SFR, SAR, TSF, CCRA, EUCC, SESIP, cPP, and more.Mon, 20 Apr 2026 00:00:00 GMTBSI - Germany's Common Criteria Schemehttps://nenkin.io/wiki/schemes/bsi/https://nenkin.io/wiki/schemes/bsi/BSI (Bundesamt für Sicherheit in der Informationstechnik) is Germany's Common Criteria certification body and one of the largest authorizing schemes under the CCRA.Mon, 20 Apr 2026 00:00:00 GMTEAL2 - Structurally Testedhttps://nenkin.io/wiki/eal/eal2/https://nenkin.io/wiki/eal/eal2/EAL2 is the workhorse Common Criteria assurance level: a high-level design review with independent vulnerability analysis, and the CCRA mutual-recognition cap for non-cPP evaluations.Mon, 20 Apr 2026 00:00:00 GMTANSSI - France's Common Criteria Schemehttps://nenkin.io/wiki/schemes/anssi/https://nenkin.io/wiki/schemes/anssi/ANSSI (Agence nationale de la sécurité des systèmes d'information) operates France's national CC scheme and is a major issuer of high-assurance smart card and embedded certificates.Mon, 20 Apr 2026 00:00:00 GMTEAL3 - Methodically Tested and Checkedhttps://nenkin.io/wiki/eal/eal3/https://nenkin.io/wiki/eal/eal3/EAL3 extends EAL2 with development environment security controls, systematic life-cycle definition, and deeper test coverage. Less common than EAL2 or EAL4 in practice.Mon, 20 Apr 2026 00:00:00 GMTNIAP - The U.S. Common Criteria Schemehttps://nenkin.io/wiki/schemes/niap/https://nenkin.io/wiki/schemes/niap/NIAP (National Information Assurance Partnership) runs the U.S. Common Criteria scheme and mandates exact-conformance evaluations against approved Protection Profiles.Mon, 20 Apr 2026 00:00:00 GMTEAL4 - Methodically Designed, Tested, and Reviewedhttps://nenkin.io/wiki/eal/eal4/https://nenkin.io/wiki/eal/eal4/EAL4 is the highest assurance level generally achievable on commercial products without re-engineering for assurance. Standard for smart cards, HSMs, and many government-used products.Mon, 20 Apr 2026 00:00:00 GMTCCCS - Canada's Common Criteria Schemehttps://nenkin.io/wiki/schemes/cccs/https://nenkin.io/wiki/schemes/cccs/The Canadian Centre for Cyber Security (CCCS) operates Canada's CC scheme, emphasising collaborative Protection Profile evaluations and Technical Community participation.Mon, 20 Apr 2026 00:00:00 GMTEAL5 - Semiformally Designed and Testedhttps://nenkin.io/wiki/eal/eal5/https://nenkin.io/wiki/eal/eal5/EAL5 introduces semiformal design notation, full implementation representation, and covert channel analysis. Typical for smart card ICs and high-assurance OS kernels.Mon, 20 Apr 2026 00:00:00 GMTJISEC - Japan's Common Criteria Schemehttps://nenkin.io/wiki/schemes/jisec/https://nenkin.io/wiki/schemes/jisec/JISEC is Japan's Common Criteria certification scheme, operated under IPA, covering copiers and MFPs, network products, and a range of IT security products.Mon, 20 Apr 2026 00:00:00 GMTEAL6 - Semiformally Verified Design and Testedhttps://nenkin.io/wiki/eal/eal6/https://nenkin.io/wiki/eal/eal6/EAL6 requires semiformal verification of design correspondence and layered internals, paired with High attack potential vulnerability analysis. Rare, reserved for high-risk TOEs.Mon, 20 Apr 2026 00:00:00 GMTSERTIT - Norway's Common Criteria Schemehttps://nenkin.io/wiki/schemes/sertit/https://nenkin.io/wiki/schemes/sertit/SERTIT is Norway's Common Criteria certification body, operated under NSM, issuing CC certificates recognized across CCRA member nations.Mon, 20 Apr 2026 00:00:00 GMTEAL7 - Formally Verified Design and Testedhttps://nenkin.io/wiki/eal/eal7/https://nenkin.io/wiki/eal/eal7/EAL7 is the highest Common Criteria assurance level: formal verification that the TOE design implements the security policy, for TOEs small enough to be amenable to mathematical proof.Mon, 20 Apr 2026 00:00:00 GMTKCMVP - Korea's Cryptographic Module Validation Programmehttps://nenkin.io/wiki/schemes/kcmvp/https://nenkin.io/wiki/schemes/kcmvp/KCMVP is South Korea's national validation programme for cryptographic modules used by Korean public institutions, run by the NSR under the National Intelligence Service.Mon, 20 Apr 2026 00:00:00 GMTEUCC Overview - EU Common Criteria Certification Schemehttps://nenkin.io/wiki/schemes/eucc-scheme/https://nenkin.io/wiki/schemes/eucc-scheme/EUCC overview: the European Union's Common Criteria-based cybersecurity certification scheme, adopted under the EU Cybersecurity Act and replacing SOG-IS for member states. Updates, structure, and how it relates to CCRA.Mon, 20 Apr 2026 00:00:00 GMTSESIP Overview - Security Evaluation Standard for IoT Platformshttps://nenkin.io/wiki/schemes/sesip-scheme/https://nenkin.io/wiki/schemes/sesip-scheme/SESIP overview: GlobalPlatform's Common Criteria-aligned security evaluation methodology for IoT platforms and components, defining the lighter-weight SESIP 1-5 assurance levels and how they map to CC.Mon, 20 Apr 2026 00:00:00 GMTEMVCo - Payment Product Security Evaluationhttps://nenkin.io/wiki/schemes/emvco/https://nenkin.io/wiki/schemes/emvco/EMVCo runs independent security evaluation programmes for payment terminals, smart cards, and mobile payment components on behalf of the major payment networks.Mon, 20 Apr 2026 00:00:00 GMTPSA Certified - IoT Security Certification from Arm and Partnershttps://nenkin.io/wiki/schemes/psa-certified/https://nenkin.io/wiki/schemes/psa-certified/PSA Certified is a tiered IoT security certification programme co-authored by Arm, Brightsight, CAICT, Prove & Run, Riscure, and UL (with TrustCB as certification body), offering laboratory evaluation at Levels 2 through 4.Mon, 20 Apr 2026 00:00:00 GMTMIFARE - Contactless Smart Card Certificationshttps://nenkin.io/wiki/schemes/mifare/https://nenkin.io/wiki/schemes/mifare/MIFARE is NXP's family of contactless smart card ICs for transit, access, and loyalty. Individual MIFARE products are evaluated under Common Criteria at high EALs.Mon, 20 Apr 2026 00:00:00 GMTESA - European Space Agency Security Evaluationshttps://nenkin.io/wiki/schemes/esa/https://nenkin.io/wiki/schemes/esa/Security evaluation activities associated with the European Space Agency, tracked alongside commercial Common Criteria certifications for components used in space systems.Mon, 20 Apr 2026 00:00:00 GMTCommon Criteria Overview - ISO/IEC 15408 Explainedhttps://nenkin.io/wiki/common-criteria/https://nenkin.io/wiki/common-criteria/Complete overview of Common Criteria (ISO/IEC 15408): the international standard for IT security evaluation, EAL levels, Protection Profiles, and the CCRA mutual-recognition framework.Thu, 16 Apr 2026 00:00:00 GMTCertification Schemes Overviewhttps://nenkin.io/wiki/certification-schemes/https://nenkin.io/wiki/certification-schemes/An overview of the major Common Criteria certification schemes worldwide, including BSI, ANSSI, NIAP, and the emerging EUCC.Thu, 16 Apr 2026 00:00:00 GMTEvaluation Assurance Levels (EAL)https://nenkin.io/wiki/eal-levels/https://nenkin.io/wiki/eal-levels/Reference guide to EAL1 through EAL7 - what each Evaluation Assurance Level requires, what it measures, and how it affects procurement decisions.Thu, 16 Apr 2026 00:00:00 GMTProtection Profiles (PP)https://nenkin.io/wiki/protection-profiles/https://nenkin.io/wiki/protection-profiles/What Protection Profiles are, how they work in Common Criteria evaluations, and why they matter for procurement and compliance.Thu, 16 Apr 2026 00:00:00 GMT