Common Criteria/ISO15408

Common Criteria is a framework in which products users can specify their security requirements.


UL was one of the first laboratories involved in the European Common Approval Scheme for Point-Of-Interaction devices. Nowadays UL is one of the accredited Common Criteria laboratories. UL's Commercial Evaluation Facility (CLEF) laboratory performs Common Criteria (CC) evaluations, for certification by the CESG Certification Body (CB), under the UK IT Security Evaluation and Certification Scheme. UL also completes evaluations under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme in the US.

Common Criteria is a framework in which products users can specify their security requirements, vendors can then implement the security attributes of their products, and accredited security laboratories will evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides some level of assurance that the process of specification, implementation and evaluation of a security product has been conducted in a rigorous and standard manner.


UL understands that achieving CC validation represents a significant investment by our customers. We help our clients gain a Common Criteria certificate as quickly as possible—on time and on budget. Our CC evaluation services provide a streamlined process that minimizes the impact on our customers’ resources. Moreover, Fortune 1000 companies choose UL’s laboratory in San Luis Obispo (formerly known as InfoGard) for our customer responsiveness, our flexibility, our proven expertise and security knowledge.

Services Include

Protection Profile Workshop

Meet with a Security Engineer in person or remotely to learn about program and documentation requirements as they apply to your specific product. These workshops are focused on educating your team on Common Criteria validation while identifying the potential gaps between your product and the requirements of NIAP. This service is highly recommended for customers that are new to Common Criteria in the U.S.

Technical Documentation

UL’s Technical Writing Team will collaborate with your Engineering staff to generate documents that facilitate CC validation by ensuring that the features of each IT Security product are accurately described to satisfy both the Federal customer and CC requirements.

Accredited Testing

As an accredited laboratory, UL performs comprehensive documentation analysis and functional testing of each IT Security product to determine conformance to the Security claims in the Security Target and the Protection Profile.

Commercial Solutions for Classified (CSfC) Program

To obtain a listing as an eligible CSfC component, products must go through NIAP Certification, as well as FIPS 140-2 Validation. As an industry leader in both fields, UL can optimize these efforts to get our customers listed quickly. We understand there are many unanswered questions in the marketplace, since this is a new program. We will be happy to answer any and all questions you might have.



Related news