Business Field IT Security Components

IT security scaled millions of times over: Our hardware and software evaluations

In an increasingly digitalized world, the IT hardware and software is paramount. They form the backbone of technological advancement, enabling vital processes across industries. However, in critical applications, such as in the energy or finance sector, ensuring their security and reliability is crucial. International standards, like ISO or Common Criteria, provide frameworks for rigorous testing and evaluation. Complying with these standards not only ensures security and compliance to national or EU-regulation but also fosters trust in technology's role in our daily lives and critical use cases.


  Fit for critical use cases

Security certification as door opener on clients site for highly critical application scenarios.


  Trustworthiness of supply chains

Compliance to existing and upcoming regulations focusing on it security in supply chains.

Landscape of services


Security Guidelines
Knowledge Transfer

Development of specifications (e.g. PPs), evaluation procedure & scoping workshops, Trainings


Evaluation of
IT components

Evaluation and testing of security functionalities of IT products such as hardware and (embedded) software, in parts according to graded trustworthiness levels. 



Audits of development and production environments as an integral part of the evaluation process of IT components. 

A selection of our core areas of expertise

Software evaluation

TÜVIT has been evaluating (embedded) software since 1991. We are recognized in Germany, the Netherlands, Qatar, Singapore and Japan as an evaluation body for Common Criteria with long-term experience for operating systems, database management systems, network devices (e.g. firewalls, VPN solutions, routers, gateways), communication systems and more.
Read more

Hardware evaluation

Credit cards, government documents, health cards or sim cards in mobile phones have one thing in common: at their core is a chip or security module on which relevant data such as the identity of the owner, the fingerprint or the PIN code is stored. Depending on the use case, TÜVIT tests their security in accordance with national or international standards or specifications (Common Criteria, FIPS PUB 140-3, EMVCo) in our authorised full-service lab in Essen, Germany.
Learn more

Mobile Network Components

Mobile networks as a critical infrastructure connect societies, enable communication in case of emergencies, in commerce and for essential services. TÜVIT is testing network devices on the basis of firmly defined evaluation frameworks and safety catalogs according to the “Network Equipment Security Assurance Scheme” (NESAS). In addition the aspect of securit over the entire product life cycle is also audited in a complementary procedure.
More Information

Get the full overview of our activities


World class lab for IT security

More than 600 evaluation projects
According to Common Criteria (from EAL1 to EAL7)

Accreditations around the world
Germany, the Netherlands, Qatar, Singapore, Japan - our CC accreditations make us a  worldwide partner close to the markets.

One fits it all
Our wide knowledge and 25 years of experience for evaluations according to relevant security standards allow us to optimize your certification portfolio. 

A technological step ahead
In our labs we rely on a modern test environement and use the strongest attack techniques that are currently available on the market. 

Deep dive into our lab facilities

Smart Meter Gateway (SMGW): Secure energy transition

Cyber attacks (swarm attacks) against smart meter systems can destabilise the electricity grid, even leading to a blackout. In addition, gateways have already been manipulated by end users. We support the German BSI and the BMWI with the security and privacy specification of the SMGW and the systems required for operation. We also test the gateways and certain connected technologies in accordance with CC-ISO 1540.
Read more

SIM Card, eSIM, iSIM: small, smaller - but secure!

In the Internet of Things (IoT), everything is connected to everything else and machines talk to machines. The chip industry is developing SIM products that are specially tailored to these needs. These manage and process critical data such as the card number or cryptographic key. We protect the confidentiality and integrity of the SIM with design, architecture and source code analyses, intensive vulnerability analyses and penetration tests.
Read more

FIPS: The Key to Cryptography's Strength

Cryptographic mechanisms and algorithms are being used in more and more IT products. In addition to traditional hardware security modules, storage media with hardware encryption, software modules, VPN solutions and smart cards are often certified in accordance with FIPS 140-3, the de facto standard for testing cryptographic modules. We have been accredited for this by the National Institute of Standards and Technology (NIST, USA) since 2005.
Learn more