Product presentation

C5-DEC CAD for secure-by-design engineering and certification workflows

C5-DEC CAD unifies Common Criteria tooling, SSDLC traceability, compliance workflows, cyber-physical system security assessment, cryptography, and resource management in one repository-centric platform. This page gives stakeholders a fast visual tour of the product capabilities.

Open quick start Browse user manual

3 interfaces CLI, TUI, and GUI

8+ modules CCT, SSDLC, CRA, SBOM, CPSSA, PM, ISMS, Crypto

Open formats Markdown, YAML, JSON, CSV, LaTeX

Traceability-first Doorstop-backed specification lifecycle

Core capabilities

From requirements to reports

Common Criteria Toolbox

Browse SFR/SAR content, generate evaluation checklists, and work with component-level evidence.

CCT Browser Eval checklist SFR/SAR navigation

SSDLC + transformer

Manage artifact repositories and item relations, then import/export/convert/publish technical data. The SpecEngine pipeline now includes dependency content fingerprinting — SHA-256 hashes over referenced files so any source change is instantly surfaced in impacted spec items.

Doorstop Import/export Publishing Dependency fingerprinting

Traceability analytics

Visualize coverage, gaps, and link structures through browser dashboards and interactive graph reports. Dependency fingerprints extend this with automatic change detection across all referenced artifacts.

Coverage stats Spec browser Graph view Fingerprint impact analysis

DocEngine and ETR

Generate styled technical reports and presentations using Quarto templates and ETR pipelines.

Quarto PDF/HTML Template-driven

CRA, SBOM, and CPSSA

Support modern cybersecurity compliance and threat analysis with dedicated integrated workflows.

CRA checklists SBOM flows Threat modelling

Project and ISMS operations

Process time/cost reports, tag documentation, and monitor activity traces for operational readiness.

OpenProject conversion Cost analysis ISMS assistants

Product screenshot gallery

Click any screenshot to zoom

Specification browser HTML report — Specification browser report view for linked artifacts and traceability context.

Traceability statistics page — Coverage and health indicators across document types and requirement chains.

Interactive graph of specification links — Interactive graph for quickly locating covered and uncovered nodes.

SpecEngine dependency content fingerprint output — SpecEngine dependency content fingerprinting: SHA-256 hashes over every referenced file, stored per spec item. When a dependency source file or artifact changes, impacted items are flagged **[STALE]** — a direct signal to rerun affected tests and reviews. Supports `--check` as a CI gate.

DocEngine rendered report output — DocEngine-generated technical reports with polished styling and structured chapters.

DocEngine compiled report examples — Compiled DocEngine report examples showing cover page, table of contents, diagrams, code snippets, and reference sections rendered to PDF.

C5-DEC CAD evaluation checklist exported to Excel — CC evaluation checklist exported to Excel, with work-unit text, level, links, active flags, and component metadata across dedicated sheets.

C5-DEC CAD test case specification item — Published test case specification (TCS) item view, showing preconditions, test steps, expected outcome, and traceability links to SRS requirements.

C5-DEC CAD test report item specification — Published test report (TRP) item view, displaying execution results, defect category, evidence, and parent TCS links for end-to-end verification traceability.

C5-DEC CAD GUI Common Criteria browser — GUI module for browsing CC classes, families, components, and elements.

C5-DEC CAD GUI evaluation laboratory — Evaluation laboratory workflow for component selection and checklist generation.

Main C5-DEC CAD textual user interface — Main TUI entrypoint exposing CCT and PM.

Evaluation checklist creation in TUI — Interactive checklist generation with package and component-level selection support.

Cost and resource analysis spreadsheet report — Project resource and cost overview outputs for PM reporting workflows.

Typical value flow

One toolchain, continuous evidence

1. Define

Establish requirements and architecture artifacts with structured item repositories.

2. Analyze

Inspect CC content, threat models, and compliance obligations through dedicated modules.

3. Link

Create and validate traceability links across SRS, ARC, SWD, TCS, and TRP items.

4. Verify

Execute test and evaluation workflows. Dependency fingerprints flag all impacted spec items the moment a referenced source file or artifact changes.

5. Publish

Generate reports, traceability dashboards, and final deliverables for stakeholders.