NIAP: Common Criteria Recognition Arrangement
NIAP/CCEVS

Following the development of the Common Criteria, the National Institute of Standards and Technology and the National Security Agency, in cooperation and collaboration with the U.S. State Department, worked closely with their partners in the CC Project to produce a mutual recognition arrangement for IT security evaluations. In October 1998, after two years of intense negotiations, government organizations from the United States, Canada, France, Germany, and the United Kingdom signed the historic recognition arrangement for Common Criteria-based IT security evaluations. The Arrangement, officially known as the Arrangement on the Mutual Recognition of Common Criteria Certificates in the Field of IT Security (.pdf), was a significant step forward for government and industry in IT product and protection profile security evaluations. The U.S. Government and its foreign partners in the Arrangement share the following objectives with regard to evaluations of IT products and protection profiles:

  • Ensure that evaluations of IT products and protection profiles are performed to high and consistent standards and are seen to contribute significantly to confidence in the security of those products and profiles.
  • Increase the availability of evaluated, security-enhanced IT products and protection profiles for national use.
  • Eliminate duplicate evaluations of IT products and protection profiles.
  • Continuously improve the efficiency and cost-effectiveness of security evaluations and the certification/validation process for IT products and protection profiles.

In October 1999, Australia and New Zealand joined the Mutual Recognition Arrangement increasing the total number of participating nations to seven. Following a brief revision of the original Arrangement to allow for the participation of both certificate-consuming and certificate-producing nations, an expanded Recognition Arrangement was signed in May 2000 at the 1st International Common Criteria Conference by Government organizations from thirteen nations. These include: Australia, Canada, Finland, France, Germany, Greece, Italy, the Netherlands, New Zealand, Norway, Spain, the United Kingdom, the United States. The State of Israel became the fourteenth nation to sign the Recognition Arrangement in November 2000.

As of November 2010, twenty-six countries are currently part of the CCRA. Fifteen countries (Australia, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand, Norway, South Korea, Spain, Sweden, Turkey, the United Kingdom, and the United States) are Certificate Producers, and eleven countries (Austria, Czech Republic, Denmark, Finland, Greece, Hungary, India, Israel, Malaysia, Pakistan, and Singapore) are Certificate Consumers.

Site Map              Contact Us              Home