Validation Body

The principal objective of the CCEVS is to ensure the provision of competent IT security evaluation and validation services for both government and industry. The CCEVS has the ultimate responsibility for the operation of the scheme in accordance with its policies and procedures, and where appropriate, for the interpretation and amendment of those policies and procedures. NSA is responsible for providing sufficient resources to the CCEVS so that it may carry out its responsibilities.

The CCEVS is led by a Director and Deputy Director selected by NSA management. There are also a significant number of technical and administrative support personnel required to provide a full range of validation services for the sponsors of evaluations and the Common Criteria Testing Laboratories. These personnel include validators, technical experts in various technology cells, and senior members of the technical staff.

The CCEVS ensures that appropriate mechanisms are in place to protect the interests of all parties within the scheme participating in the process of IT security evaluation. Any dispute brought forth by a participating party, (i.e., sponsor of an evaluation, product or protection profile developer, or Common Criteria Testing Laboratory), concerning the operation of the scheme or any of its associated activities shall be referred to the CCEVS for resolution. In disputes involving the CCEVS, NSA management will attempt to resolve the dispute.

The points of contact for the CCEVS are: