achelos completes CC Site Certification
The German Federal Office for Information Security (BSI) has successfully certified the development site of achelos GmbH in Paderborn to Common Criteria (CC), a catalogue of criteria for IT security that applies worldwide. The team of experts at achelos is anticipating a further increase in demand for development support at the highest CC evaluation levels.
"achelos has already been certified to ISO 9001 and ISO 27001 for two years. For us, the recent certification of the achelos development site to Common Criteria was a logical further development of our certification portfolio. As a manufacturer-independent software development and consulting firm, we can now offer our customers flexible software development at the highest IT security level and early in the project from our Paderborn site. This makes us particularly attractive to a large number of small and medium-sized enterprises from the manufacturing sector that do not have sufficient development capacities but are looking to certify products to Common Criteria," explains Kathrin Asmuth, Managing Partner at achelos. "With the CC site certification, we have already made the certification process easier for our customers by removing a potential obstacle. This leads to significant time and cost savings when launching new products to market," Asmuth adds.
achelos already has a great deal of experience in the Common Criteria environment. Indeed, the team of experts has been accompanying and supporting customers in performing CC security evaluations and CC certifications for many years. With its CC site certification, the IT security firm is now extending its portfolio in the development environment even further. "The speed with which the certification process was executed by the BSI is worthy of particular praise. Indeed, it only took six months from the first project meeting to certification being awarded. The CC security certificate for the achelos development site covers security requirements up to a testing depth of EAL5 with the extensions ALC_DVS.2 and AVA_VAN.5 for the greatest resistance to attacks. Necessary extensions to EAL7 can also be easily added for individual projects as and when required. We can therefore execute product developments at the highest security level for customers from a wide range of sectors," comments Dr. Karsten Klohs, Director Business Development Security Engineering, who managed the project for achelos.
The "Common Criteria for Information Technology Security Evaluation" guarantee a uniform international standard for the security of information technology. In practice, the requirements in terms of trustworthiness are summarised in the so-called Evaluation Assurance Level (EAL) and, depending on circumstances, evaluated in a 7-stage security model (whereby EAL 1 = functionally tested, all the way up to EAL 7 = formally verified development and tested). The documented results are used to verify and assess the security of IT systems, products and applications.