About sec-certs

We want to become the one-stop shop to explore the Common Criteria / FIPS 140 certification ecosystem. We aggregate and annotate certification data, enabling unified search, vulnerability investigation, trend analyses, side-by-side comparisons, notifications and other features.

The sec-certs tool is an ongoing research project by the Centre for Research on Cryptography and Security. Learn more about our team and research.

sec-certs sec-certs

Common Criteria

Want to explore Common Criteria certificates?

Go

Protection Profiles

Want to explore Protection Profiles of Common Criteria certificates?

Go

FIPS 140

Want to explore FIPS 140-2 and 140-3 certificates?

Go

Vulnerabilities

Want to explore how vulnerabilities affect certified products?

Go

Main features

Unified search

Search through our extracted certificate data, filter by categories or status. Explore the certificates without downloading and reading countless PDFs.

Compare certificates using the floating button to see differences between them.

CC PP FIPS

Certificate references

Explore the references between certificates in a graph. A certificate referencing another certificate often means that it builds on top of the referenced certificate.

CC FIPS

Vulnerability investigation

Investigate the vulnerabilities affecting certified products. We automatically map certificates to CVE entries in NIST's National Vulnerability Database affecting them.

The information on relevant CVEs is displayed in the appropriate heuristics section on pages of the affected certificates.

CVE CPE

Trend visualizations

Explore our analysis of the security certifications landscape as it evolves over time. The analysis results presented here are preliminary, for more, see our published research.

CC PP FIPS

Open source & open data

Contribute to our code or download our extracted dataset in machine-readable format. The full datasets are available below, while individual certificate data is available on each certificate page.

GitHub CC FIPS

Update notifications

Subscribe to notifications about a vulnerability affecting a set of certified products, all changes in a set of certified products or about new certificates.

Subscribe using the floating button in the bottom right corner.

Do it yourself!

The tools used to create the datasets on this website as well as the datasets themselves are open-source and available on our GitHub. Documentation, including a quick-start guide, can be found on below.

GitHub Docs

About

Want to learn more about our research? More information, including our publications and the privacy policy of this site can be found on our about page.

About