NIAP: Common Criteria Recognition Arrangement
NIAP/CCEVS
  NIAP  »»  CCEVS Big Picture  »»  Common Criteria Recognition Arrangement  
Common Criteria Recognition Arrangement (CCRA)

Following the development of the Common Criteria, the National Institute of Standards and Technology and the National Security Agency, in cooperation and collaboration with the U.S. State Department, worked closely with their partners in the CC Project to produce a mutual recognition arrangement for IT security evaluations. In October 1998, after two years of intense negotiations, government organizations from the United States, Canada, France, Germany, and the United Kingdom signed the historic recognition arrangement for Common Criteria-based IT security evaluations. The Arrangement, officially known as the Arrangement on the Mutual Recognition of Common Criteria Certificates in the Field of IT Security (.pdf), was a significant step forward for government and industry in IT product and protection profile security evaluations. The U.S. Government and its foreign partners in the Arrangement share the following objectives with regard to evaluations of IT products and protection profiles:

  • Ensure that evaluations of IT products and protection profiles are performed to high and consistent standards and are seen to contribute significantly to confidence in the security of those products and profiles.
  • Increase the availability of evaluated, security-enhanced IT products and protection profiles for national use.
  • Eliminate duplicate evaluations of IT products and protection profiles.
  • Continuously improve the efficiency and cost-effectiveness of security evaluations and the certification/validation process for IT products and protection profiles.

In October 1999, Australia and New Zealand joined the Mutual Recognition Arrangement increasing the total number of participating nations to seven. Following a brief revision of the original Arrangement to allow for the participation of both certificate-consuming and certificate-producing nations, an expanded Recognition Arrangement was signed in May 2000 at the 1st International Common Criteria Conference by Government organizations from thirteen nations. These include: Australia, Canada, Finland, France, Germany, Greece, Italy, the Netherlands, New Zealand, Norway, Spain, the United Kingdom, the United States. The State of Israel became the fourteenth nation to sign the Recognition Arrangement in November 2000.

Currently, twenty-six countries are part of the CCRA. Seventeen countries (Australia, Canada, France, Germany, India, Italy, Japan, Malaysia, the Netherlands, New Zealand, Norway, South Korea, Spain, Sweden, Turkey, the United Kingdom, and the United States) are Certificate Producers, and nine countries (Austria, Czech Republic, Denmark, Finland, Greece, Hungary, Israel, Pakistan, and Singapore) are Certificate Consumers.

A Management Committee, composed of senior representatives from each signatory's country, has been established to implement the Recognition Arrangement and to provide guidance to the respective national schemes conducting evaluation and validation activities. The U.S. Representative to the Management Committee is:

Janine S. Pedersen
Director, NIAP
National Security Agency
Department of Defense
9800 Savage Rd., Suite 6940
Ft. Meade, MD 20755-6940
niap@niap-ccevs.org
(410) 854-4458
 
Site Map              Contact Us              Home