
ITSEF Advisory Services in the EUCC Program

A few words about ITSEF

We are an accredited IT Security Evaluation Facility (ITSEF) operating at the National Institute of Telecommunications – National Research Institute. A brief description of our activities, including the scope of accreditation, can be found at: https://www.gov.pl/web/national-institute-of-telecommunications/it-security-evaluation-facility-itsef.

We cooperate with enterprises operating across various sectors that strive to meet the highest security standards and obtain official confirmation of compliance with the Common Criteria (cybersecurity certification).

Service Objective

Standards related to cybersecurity evaluation contain a set of requirements that a product must meet, concerning both the description of the architecture and the documentation of security functionalities and conducted tests. Our advisory service aims to support organizations in preparing their products for cybersecurity certification under the EUCC (European Union Cybersecurity Certification) program. EUCC is compliant with the Common Criteria and is the first European cybersecurity certification program for ICT products, operational within the European Economic Area since February 2025.

https://certification.enisa.europa.eu/certification-library/eucc-certification-scheme_en

Our experienced experts provide the services in compliance with the requirements of EN ISO/IEC 17025:2017 and the requirements specified in the EUCC Programme.

Scope of Services

The scope of the service is determined individually for each organization, considering its needs, budget, the specific nature of its operations, and the products it intends to have certified for compliance with the Common Criteria. It includes activities such as:

  1. Presentation of the reference standard requirements for a specific product.
  2. Support in understanding the context of the product environment and the context of the evaluation.
  3. Support in properly understanding the concept of the target of evaluation (TOE) in relation to the entire product.
  4. Analysis of the completeness of the information in terms of successfully passing the evaluation process (considering that the level of detail in the documentation must be appropriate to the adopted Evaluation Assurance Level — EAL).
  5. Advising on the adaptation or development of documentation (collection of evidence) in compliance with the requirements of the reference standards, including:
    1. The dedicated technical specification document (ST – Security Target);
    2. A description of the TOE security functionality interfaces (TOE-TSFI), both internal and external;
    3. Verification of the existing developer’s documentation in relation to evaluation activities concerning the assurance components related to the TOE architecture and the specification of security functionalities within the ADV, AGD, ALC, and ATE classes;
    4. Tools required to set up the TOE test environment in ITSEF (including dedicated developer tools, if needed).
  6. Advice on communication with the certification body (CB).

Why choose us?

  • Experience in projects compliant with Common Criteria.
  • A team composed of cybersecurity experts, evaluators, and engineers.
  • Knowledge of certification body procedures and expectations.
  • A practical approach — maximizing the chances of a successful outcome in evaluation and certification processes.

Each service requires an individual approach to pricing.

If you are interested in our services, please contact us by email at: lob_itsef-at-il-pib.pl
