Common Criteria Evaluation

The Gossamer Common Criteria Testing Laboratory performs Common Criteria Evaluation (also referred to as Testing) employing well-known Common Criteria experts to address all of your Common Criteria evaluation and testing needs.

The Gossamer Common Criteria Testing Laboratory has substantial experience in all facets of Common Criteria evaluations. 

 While we have substantial historical experience, we are actively participating in the Common Criteria evaluation community at large and are forward looking so that we can offer the best advice given current and evolving community conditions.

We will work with you every step of the way, adjusting to your specific needs to develop the best approach to reach your goal successfully and efficiently.

While our primary function is to perform evaluations, we offer a range of services so that Gossamer can serve as a one-stop-shop toward getting a Common Criteria evaluation certificate.

Initial Assessments

The evaluation process can be complicated and resource intensive. We can work with you to assess the best course for a Common Criteria evaluation of your product. We will help identify applicable requirements (e.g., Protection Profiles), review the readiness of the product to satisfy the requirements, explain the evaluation process, and estimate the time and effort required to complete an evaluation.

Security Target Authoring and Maintenance

Security Targets are required for every Common Criteria evaluation. These documents serve to identify the product to be evaluated as well as to identify the specific security claims (i.e., requirements) against which the product will be evaluated. We are experts at composing Security Targets and will not only work with you to create the right Security Target for your product, but will maintain that Security Target throughout the evaluation life-cycle.

Entropy Analysis Support

Many currently existing and evolving Protection Profiles require an assessment demonstrating that cryptographic functions are supported with adequate entropy sources. We can work with you to explain the requirements and to guide, assist, or even develop the required entropy justification.

Evaluation and Testing

In order to evaluate product using the Common Criteria, an independent and accredited evaluation team must evaluate the Security Target, the user and administrator guidance for the product, and finally the product itself through hands-on testing. We have extensive experience performing evaluations and will work with you to get the job done while minimizing impacts on your own developers. Ultimately, the evaluation results must be approved by a government oversight body and we will also work with them to make that process as smooth as possible to get your Common Criteria evaluation certificate as soon as possible.

Cryptographic Algorithm Testing

While a function of Cryptographic and Security Testing, the US Scheme is requiring that most Common Criteria evaluated products have FIPS-certified cryptographic algorithms. With our Cryptographic and Security Testing Laboratory, we can offer algorithm testing in conjunction with Common Criteria testing.

Assurance Continuity

While getting a Common Criteria evaluation certificate is a major milestone, you will want to keep tour certificate up-to-date to avoid costly re-evaluation where possible. We can work with you to guide or to perform the required analysis of minor product releases and to produce the required documentation in order to keep your certification current.

Evaluation Consulting Support

While our Common Criteria Testing Laboratory is accredited to perform Common Criteria evaluations in order to produce government evaluation certificates, we offer additional support as may be needed. Beyond creating Security Targets, we offer specialized training and help with the development of required user and administrative guidance materials and can guide your test team on the testing requirements.


Gossamer's Last 10 Evaluations


Today's NIAP Common Criteria Evaluation Statistics