SERTIT — Norway's Common Criteria Scheme

SERTIT, the Norwegian Certification Authority for IT Security, is Norway’s national Common Criteria certification body. It is operated by the Norwegian National Security Authority (NSM) and is a CCRA authorizing member.

Key facts

  • Authorizing body: SERTIT, operated under the Norwegian National Security Authority (NSM)
  • Country / region: Norway
  • Year established: SERTIT has been operating as Norway’s certification authority since the early 2000s
  • Product types: network and communications products, public-sector IT, identity and access products, smart card-related TOEs
  • CCRA status: Certificate Authorizing Member
  • Canonical portal: https://sertit.no/

Overview

SERTIT is a smaller scheme than BSI or ANSSI in absolute volume, but it is an established CCRA authorizing member and issues certificates for vendors that serve Nordic and European markets. Its output concentrates in communications equipment, identity products, and TOEs tied to public-sector use cases.

How evaluations work under this scheme

A vendor contracts with a SERTIT-accredited ITSEF. The ITSEF executes the CEM work units and any applicable Supporting Documents, producing the Evaluation Technical Report. SERTIT reviews the ETR and issues the Certification Report and certificate. Certificates are published on SERTIT’s site and mirrored via the CCRA portal.

Notable product categories

  • Secure communications and network products
  • Identity, access, and authentication components
  • Public-sector IT systems and applications
  • Smart card-related TOEs in selected programmes

Relationship to CC baseline

SERTIT evaluations follow ISO/IEC 15408 and the CEM baseline. The scheme participates in CCRA-level coordination and accepts cPP-driven evaluations produced by its labs, with certificates recognized by other authorizing and consuming members up to the CCRA cap.

Where to find official records

See also: Certification Schemes Overview, EAL Levels, Glossary.