What kinds of products are certified in this Scheme?

Level of security of ICT products is certified, either software or hardware and in accordance with the Scheme regulations: ITSEC, Common Criteria, ISO15408/ISO18045 and ISO19790/ISO24759.

Which is the cost of certifying a product?

The Certification Process, as an administrative process between the applicant and the CCN, is free. Although according to the Regulation a fee could be charged for the issuing of the Certification, the Body of Certification hasn't charged for it so far.

The task of evaluation of the laboratory has a cost, that ends with the issuing of a Technical Evaluation Report and which is regulated by a contract between the applicant and the laboratory.

How long does it take to certify a product?

It depends on many aspects and actors:

  • Complexity of the product
  • Level of evaluation
  • Scope of work of the laboratory and the Body of Certification
  • Availability of the product and the documentation required for the evaluation and capability of the applicant to solve problems during the evaluation process

Certification's validity

  • The certificate obtained according to the Common Criteria is restricted by all countries which signed the CCRA (www.commoncriteriaportal.org) and it cannot expire as long as the conditions under which it was awarded are still being met. Likewise, any certificate issued by an authorised CCRA agreement country is recognised by Spain. In both cases, the recognition is only valid up to EAL2.