Comprehensive security evaluation and certification support from EAL1 to EAL7 under the Common Criteria standard (ISO/IEC 15408).
Common Criteria (CC) is an international standard (ISO/IEC 15408) for evaluating IT security products and systems. The Evaluation Assurance Level (EAL) expresses the degree to which a product's security functions have been verified, and is defined across seven levels from 1 to 7.
At TUGAY, we provide evaluation services at every level from EAL1 through EAL7. We deliver specialized CC evaluation support for organizations operating in sectors that demand high assurance, such as public institutions, the defense industry, and financial services.
Request an EAL EvaluationEach level contains more comprehensive assurance requirements than the one before it.
The most basic assurance level. It verifies that the product's security functions operate in accordance with its design. Suitable for low-risk products requiring independent security analysis.
Security testing is conducted using design information. Can be applied without access to the developer's development process; widely used for legacy systems.
Confirms systematic application of security engineering practices. The development environment and lifecycle controls are audited.
The most common level for commercial products. Includes comprehensive design description, independent testing, and vulnerability analysis.
Requires semiformal design and policy modeling. An advanced assurance level for environments with serious security threats.
Structured development environment, comprehensive penetration testing, and semiformal implementation verification. For products protecting high-value assets.
The highest assurance level. Requires formal mathematical proof methods to verify both design and implementation. Applied for defense and critical infrastructure systems.
Security certification delivers institutional trust and competitive advantage.
For products and systems targeting public institutions and the defense sector, CC certification is frequently a mandatory or preferred criterion.
Products evaluated under the Common Criteria Recognition Arrangement (CCRA) are mutually recognized across 31 signatory countries.
Independent evaluation verifies your product's security claims in a neutral framework, providing genuine security assurance to your customers.
Security isn't just for large enterprises. Every startup needs a solid foundation from day one. Let us find the vulnerabilities before attackers do. For free.
Apply for Startup ProgramApplication is free. No commitment required.
Assessment scope