The German certification scheme provides users, manufacturers, and other interested persons with the following information about the certification process in line with the Common Criteria (CC) and ITSEC:

• The 'Certified IT security-brochure' provides a general overview of the certification concepts of the BSI for IT products and IT systems. It includes the topics of audit standards and protection profiles, IT security certification of products in line with the CC, and accreditation of facilities to perform audits in line with the CC.
• The Verfahrensbeschreibung zur Zertifizierung von Produkten (VB-Produkte.PD) - Version 5.1 document from the certification and accreditation programme sets out the benefits for the applicant, as well as the process itself and the associated rights, duties, and obligations. It is meant to aid the decision-making of those who intend to submit an application (read: manufacturers who wish to have their products certified).
• The document Product certification: IT security certification scheme Common Criteria (CC) (CC-Produkte), Version 4.1' describes the IT security certification procedures and processes in the BSI certification scheme and the international recognition of certificates, and also provides necessary information for applicants.
• The document Scheme [CC-Prüfstellen]: CC evaluation process 1.3' explains the relevant requirements for the CC process, as well as specifications for evaluation facilities.
• The guide to creating protection profiles (Protection Profile - PP) and (Security Target - ST) in line with version 3.1 of the CC ( The PP/ST-Guide [PP/ST] - Version 2.0 (in englisch - see also AIS 41) provides support for those writing up protection profiles in accordance with the CC and for creating security targets for a specific product certification.
• The guide to creating developer documentation in line with version 3.1 of the CC Guidelines for Developer Documentation according to Common Criteria Version 3.1 (GD_DEV) - Version 3.1, (in englisch - see also AIS 42) supports the applicant in the provision of audit evidence for product certification in line with the CC.

• Articles

  • IT security certification (general questions)
  • International recognition of certificates