More about our services

Our accredited Testing Laboratory performs security (testing / validating) of information technology products and electronic information systems and help to prepare for such evaluations

layout styles

Our experts qualifications:

CEH (Certified Ethical Hacker),CISA (Information Systems Audit and Control Association), CISM (Certified Information Security Manager), ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, ISTQB (International Software Testing Qualifications Board) Certified Tester Foundation Level, ITIL v3 Foundation, Certified GDPR manager, electronic signature expert


Our Testing Laboratory possesses the following accreditations of the National Accreditation Authority.

OUR QUALIFICATIONS

Security evaluation of IT products

When evaluating software products with security functionalities, we examine the functional and assurance security requirements laid down by the client in the product’s Security Target according to the ISO/IEC 15408 (-1, -2, -3) standard and ISO/IEC 18045 evaluation methodology, based on the developers’ deliverables written either in Hungarian or in English. Evaluation assurance levels undertaken:

EAL 1 EAL 2 EAL 3 EAL 4

As the client’s discretion, we apply the Hungarian counterpart of Common Criteria /CC/ and Common Evaluation Methodology /CEM/ (Evaluation Methodology for products; Committee of IT in the Public Sector /KIB/ Recommendation No 28) as part of the “MIBÉTS” (Hungarian Information Technology Security Evaluation and Certification Scheme- KIB Recommendation 25th), which are supported by Hungarian manuals („Model and processes”, „Guidance for Vendors”, „Guidance for Developers”).

In this case we examine developers’ deliverables written in Hungarian, at MIBÉTS levels basic, moderate or high.

Security evaluation of electronic information systems

When evaluating the security of electronic information systems one evaluation option is to apply the administrative, physical and logical controls defined in the Decree 41/2015 (VII.15.) of the Ministry of Interior at security levels 2, 3 and 4.

The other evaluation option is to evaluate the fulfilment of the security controls and control enhancements specified in NIST SP 800-53 Rev4 security control guidance (Security and Privacy Controls for Federal Information Systems and Organisation) according to the Low and Moderate control baseline.

In both cases the evaluation methodology in NIST SP 800-53A Rev4 publication is followed.

Consultation service to be prepared

We - as an IT security consultation provider - undertake to help our customers to prepare for the evaluation and certification of information technology products and services.

WE GIVE SUPPORT FOR:

  • creating regulatory environment,
  • revision of and commenting on design documentation from security viewpoint,
  • constructing developers’ deliverables,
  • performing and documenting independent security testing.

In these areas our experts pursue solely such activities that do not conflict with our accredited evaluation services.