| Re: [threadx-dev] [EXTERNAL] Re: Where to get Common Criteria EAL report |
Frédéric DESBIENS
Project Lead | Eclipse ThreadX
Senior Manager — Embedded and IoT | Eclipse Foundation
Mastodon: @fdesbiens@xxxxxxxxxxxxxxxxxxxxx
Eclipse Foundation: The Community for Open Innovation and Collaboration
_______________________________________________Hi Bill,
thank you, this helps me further.
Are there any plans for a renewal of the common criteria certification or any other security approval, e.g. along IEC62443-4-x for ThreadX and its components?
Best Regards
Theo
EDODE -- Product Owner / Domain Expert Functional Safety & Product Architecture
----------------------------------------------------------------------
HIMA Group
HIMA Paul Hildebrandt GmbH
Albert-Bassermann-Str. 28 I 68782 Brühl I Germany
Phone: +49 6202 709-286
mailto:h.hannen@xxxxxxxx
----------------------------------------------------------------------
Explore the Sustainability initiatives by HIMA Group
https://www.hima.com/Sustainability
----------------------------------------------------------------------
#safetygoesdigital
Discover the HIMA Group approach to the digitalization of functional safety with added value.
Von: threadx-dev <threadx-dev-bounces@xxxxxxxxxxx> Im Auftrag von Bill Lamie via threadx-dev
Gesendet: Mittwoch, 7. Januar 2026 20:20
An: ThreadX project developer discussion <threadx-dev@xxxxxxxxxxx>
Cc: Bill Lamie <blamie@xxxxxxxxxxx>
Betreff: [EXTERNAL] Re: [threadx-dev] Where to get Common Criteria EAL report
Hi again,
Small correction, the EAL4 certification was completed in 2018 and expired in 2023, as stated in the report.
Best regards,
Bill
From: threadx-dev <threadx-dev-bounces@xxxxxxxxxxx> On Behalf Of Bill Lamie via threadx-dev
Sent: Wednesday, January 7, 2026 11:05 AM
To: ThreadX project developer discussion <threadx-dev@xxxxxxxxxxx>
Cc: Bill Lamie <blamie@xxxxxxxxxxx>
Subject: Re: [threadx-dev] Where to get Common Criteria EAL report
Hi Dr. Heinrich-Theodor,
The EAL4+ certification was done by Express Logic back in 2023 and was based on the 5.11 code base (I think). Here is a news story about it at the time:
What might be confusing is that the package certified was called “X-Ware IoT Platform SC,” which included ThreadX, NetX Duo, NetX Secure TLS, and NetX MQTT. I found this certification link at SERTIT:
https://sertit.no/certified-products/product-archive/x-ware-iot-platform-sc
Here is the NIST link for the NetX Crypto 5.11 SP1 certification:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3394
Of course, both of these certifications are for versions that are now quite old, but hopefully this will help!
Best regards,
Bill
From: threadx-dev <threadx-dev-bounces@xxxxxxxxxxx> On Behalf Of Hannen, Dr. Heinrich-Theodor via threadx-dev
Sent: Wednesday, January 7, 2026 8:55 AM
To: threadx-dev@xxxxxxxxxxx
Cc: Hannen, Dr. Heinrich-Theodor <h.hannen@xxxxxxxx>
Subject: [threadx-dev] Where to get Common Criteria EAL report
Hello,
on ThreadX github https://github.com/eclipse-threadx/rtos-docs#eal4-common-criteria-security-certification CC certification to EAL4+ and FIPS 140-2 is mentioned.
Searching the web especially https://www.commoncriteriaportal.org/products/index.cfm and https://www.niap-ccevs.org/productsI didn’t found ThreadX or its components.
Do you have hint where to get appropriate CC EAL certificate/report.
Kind Regards
Dr. Ing. Heinrich-Theodor Hannen
EDODE -- Product Owner / Domain Expert Functional Safety & Product Architecture
----------------------------------------------------------------------
HIMA Group
HIMA Paul Hildebrandt GmbH
Albert-Bassermann-Str. 28 I 68782 Brühl I Germany
Phone: +49 6202 709-286
mailto:h.hannen@xxxxxxxx
----------------------------------------------------------------------
Explore the Sustainability initiatives by HIMA Group
https://www.hima.com/Sustainability
----------------------------------------------------------------------
#safetygoesdigital
Discover the HIMA Group approach to the digitalization of functional safety with added value.
Informationspflicht nach Art. 13 und 14 DS-GVO: https://www.hima.com/de/datenschutzerklaerung Information obligation according to Art. 13 and 14 DS-GVO: https://www.hima.com/en/privacy-policy
HIMA Paul Hildebrandt GmbH, Albert-Bassermann-Str. 28, 68782 Bruehl bei Mannheim
Gesellschaft mit beschraenkter Haftung, Sitz Bruehl, Deutschland - Registergericht Mannheim HRB 720409
USt-ID: DE 144286400
WEEE-Reg.-Nr.: DE87326515Geschaeftsfuehrender Gesellschafter: Steffen Philipp, Geschaeftsfuehrer: Joerg de la Motte (Vorsitz), Dr. Michael Loebig
Diese Nachricht und saemtliche Anhaenge sind vertraulich und duerfen nicht an Dritte weitergeleitet oder sonst veroeffentlicht werden, soweit nicht ausdruecklich etwas anderes bestimmt ist. Falls Sie nicht der beabsichtigte Empfaenger sind, bitten wir Sie, mit dem Absender Kontakt aufzunehmen und diese Nachricht und saemtliche Anhaenge von Ihrem System zu loeschen. Auch in diesem Fall sind Sie weder berechtigt, diese Nachricht oder etwaige Anhaenge zu kopieren noch deren Inhalt einem Dritten zugaenglich zu machen.
This message and its attachments are confidential and can contain privileged information which may not be distributed or published, unless expressly stated otherwise. If you are not the intended recipient, please notify us immediately and delete this email and its attachments. If you have received this communication in error, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.
Informationspflicht nach Art. 13 und 14 DS-GVO: https://www.hima.com/de/datenschutzerklaerung Information obligation according to Art. 13 and 14 DS-GVO: https://www.hima.com/en/privacy-policy
HIMA Paul Hildebrandt GmbH, Albert-Bassermann-Str. 28, 68782 Bruehl bei Mannheim
Gesellschaft mit beschraenkter Haftung, Sitz Bruehl, Deutschland - Registergericht Mannheim HRB 720409
USt-ID: DE 144286400
WEEE-Reg.-Nr.: DE87326515Geschaeftsfuehrender Gesellschafter: Steffen Philipp, Geschaeftsfuehrer: Joerg de la Motte (Vorsitz), Dr. Michael Loebig
Diese Nachricht und saemtliche Anhaenge sind vertraulich und duerfen nicht an Dritte weitergeleitet oder sonst veroeffentlicht werden, soweit nicht ausdruecklich etwas anderes bestimmt ist. Falls Sie nicht der beabsichtigte Empfaenger sind, bitten wir Sie, mit dem Absender Kontakt aufzunehmen und diese Nachricht und saemtliche Anhaenge von Ihrem System zu loeschen. Auch in diesem Fall sind Sie weder berechtigt, diese Nachricht oder etwaige Anhaenge zu kopieren noch deren Inhalt einem Dritten zugaenglich zu machen.
This message and its attachments are confidential and can contain privileged information which may not be distributed or published, unless expressly stated otherwise. If you are not the intended recipient, please notify us immediately and delete this email and its attachments. If you have received this communication in error, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.
threadx-dev mailing list
threadx-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org
