Towards Incremental Safety and Security Requirements Co-Certification

Morgagni Andrea, Massonet Philippe, Dupont Sébastien, Grandclaudon Jeremy


The continuous technological developments and the growing connectivity of applications and infrastructures are leading to new threats to the technological world, in particular the possibility that certain threats must be considered in environments that were not previously touched by them. Now that many safety-critical systems are becoming connected, they need to be protected from security threats. Safety and security engineering and certification evaluation are processes that have evolved independently. However, now that security issues may impact safety, they need to be analysed together, yet the processes must become more flexible to encourage certification when it is not mandatory. In this paper we sketch an approach for incremental certification of security requirements with Common Criteria in the general context of security/safety co-engineering and certification. The approach is illustrated with a case study.

