The validity date of Common Criteria Certificates has been extended to 5 years by TSI, effective for Common Criteria applications to be made as of October 1, 2020. This change does not affect products currently undergoing Common Criteria Assessment. The certificate validity date is 3 years for products under Common Criteria Assessment.

There will be two separate certificate validity dates in the new process

Administrative Validity Date: The period of final validity of the certificate, determined in relation to administrative aspects such as the publication of the certified product. The administrative validity period for Common Criteria Documents issued is 5 years (60 months) for the certified version of the TOE and the specified TOE scope.

Technical Validity Date: This is the period determined to ensure that the TOE remains technically resilient against new attacks and new attack methods. Technical validity periods are 20 months.
When the certificate is first issued, validity periods are determined as administrative validity 60 months and technical validity 20 months.

There will be interim assessments in the new process. There will be two interim assessments after the first certification. The first interim assessment will take place between 17th and 23rd months after the certificate is issued. If there is no change in the product, a vulnerability analysis is performed by the laboratory where the TOE is evaluated, if there is a change in the product or if there is a new vulnerability related to the product and technology, a vulnerability analysis is performed. The laboratory sends the Penetration Test Report and the Evaluation Report, in which other affected families are re-evaluated, to TSI. The second interim assessment will take place between the 37th and 43rd months after the certificate is issued. The process will be conducted in the same way as the first interim assessment.

For detailed information contact us.