How the security certification works if the software uses third party libraries or services?
E.g., if someone would like to certify a software product following Common Criteria standard (let's say, CC EAL1). And the software uses:
1) authentication service provided by third party.
2) different libraries, e.g. for data encryption.
3) database for storing the data
Does the certification implies, that only CC EAL1 certified databases (including database driver and ORM framework), libraries and services could be used by certified software product?
If yes, how about the libraries that are not directly involved in the data processing, e.g. logging frameworks, or libraries that are used internally, e.g. JSON or XML parsing libraries and so on?