News and Events

18 Oct
2017

Supporting Document Procedure

The CCDB has posted an updated Supporting Document Procedure, which describes the process for development and approval of Supporting Documents.

14 Sep
2017

ICCC Hosting

The CCRA committees invite individuals/companies to send expressions of interest for hosting future International Common Criteria Conferences to iccc@commoncriteriaportal.org.  In addition, please indicate if you would like to give a 10 minute presentation explaining your ICCC hosting capabilities during the upcoming CCRA meetings in Berlin, 24-27 October 2017.

01 Aug
2017

Addendum for Exact Conformance

Trial use of the CCv3.1 R5 Addendum for Exact Conformance is effective immediately for all evaluations against collaborative Protection Profiles (or other PPs claiming exact conformance) starting on or after 31 July 2017.  Users of the Common Criteria are invited to provide comments and feedback on the addendum by 31 December 2017 to their national CCRA scheme.  Comments may also be provided through an international Technical Community which will then be forwarded to the CCRA iTC liaison.  All comments received by 31 December 2017 will be considered prior to finalisation of the Addendum.

10 Jul
2017

Certificate Validity

The CCDB has approved a resolution to limit the validity of mutually recognized CC certificates over time.  Certificates will remain on the CPL for five years.  Effective 1 June 2019, certificates with an expired validity period (that is, 5 years or more from the date of certificate issuance) will be moved to an Archive list on the CCRA portal.

10 Jul
2017

Draft Procedure for Public Review

This draft procedure defines the concept of certificate validity and presents a method to extend a certificate's validity date.  We welcome feedback on this document prior to 1 June 2018.  Please contact your national CCRA scheme to provide comments.

08 Jun
2017

New Certificate Consuming Participant

We are pleased to announce that Ethiopia has officially signed the Common Criteria Recognition Agreement (CCRA) as a Certificate Consuming participant. Their acceptance into the CCRA will greatly benefit the longevity and strength of the arrangement, increasing the number of CCRA participants to 28!

 

05 Jun
2017

International Common Criteria Conference

An International Common Criteria Conference will not occur in 2017.  The CCRA committees are considering ICCC hosting and format options for the future, with more information to be published as decisions are reached.

10 May
2017

Full Drive Encryption (FDE) Enterprise Management Draft Available for Public Review

The FDE iTC has released the draft Enterprise Management module for public review.  Please visit the FDE Technical Community page to review the draft and related comment forms.  The public comment period will close on Friday, 26 May 2017.

05 May
2017

Network Device Collaborative Protection Profile v2.0 Published!

The Network Fundamentals and Firewalls (NDFW) international Technical Community (iTC) has been working collaboratively over the past several months to complete version 2.0 of the Network Device (ND) cPP and Supporting Document.  A special thanks to all who were involved in this effort!  More information can be found on the cPP and iTC pages.

02 May
2017

Publication of CC v3.1 Release 5

The Common Criteria Development Board is pleased to announce publication of CC v3.1 Release 5.

18 Apr
2017

Application Software (AppSW) iTC Draft Document for Public Review

The Application Software (AppSW) iTC has released the draft Security Problem Definition (SPD) document for public review. Please visit the AppSW Technical Community page to review the draft and related comment form. The public commenting period will close on Friday, May 5th, 2017. 

28 Dec
2016

Dedicated Security Components (DSC) Draft Document Released for Public Review

The Dedicated Security Component (DSC) iTC has released the draft Capabilities, Assumption and Threats document for public review. 

Please visit the DSC Technical Community page to review the draft and the related comment form. The public commenting period will end 17 January 2017. 

11 Oct
2016

CCDB DBMS WG provides ESR for DBMS cPP for public review

The DBMS WG, consisting of the certification schemes of Sweden and Germany, is pleased to provide the Essential Security Requirements (ESR) for the database management system cPP for public review according to the iTC/cPP process paper.

The WG is happy to receive any comments on the ESR until October 31st via email to Frank.Grefrath@bsi.bund.de and Fritz.Bollmann@bsi.bund.de.

22 Sep
2016

Full Drive Encryption v2.0 Collaborative Protection Profiles Published!

The Full Drive Encryption (FDE) international Technical Community (iTC) has been working collaboratively over the past several months to complete version 2.0 of the FDE Encryption Engine (EE) and FDE Authorization Acquisition (AA) cPPs and Supporting Documents.  A special thanks to all who were involved in this effort!  More information can be found on the cPP and iTC pages.

23 Aug
2016

New Draft Addendum for Network Device cPP Released for Public Review

The Network iTC has released an additional document for public review as part of the next version of the Network Device PP and SD. This document outlines the SFRs and EAs associated with the addition of DTLS as a secure communications protocol for protecting inter-TOE communications within a distributed TOE.

Please visit the Network Device Technical Community page to review the draft and the related comment form. The public commenting period will end September 2nd, 2016.

26 Jul
2016

Newest Draft of Network Device collaborative Protection Profile and Supporting Document Released for Public Review

The Network iTC is pleased to announce the public review of the next version of the Network Device cPP and Supporting Document. Please visit the Network Device Technical Community page to see the latest drafts and the related comment form. The public commenting period will end August 19, 2016.

 

20 Jul
2016

CC and CEM Review – Extension of the ISO study period and the CCDB Managed Call for Input

The partially overlapping parallel reviews of Assurance Standards in general by ISO SC27WG3 and of the CC and CEM by the CCDB produced some very useful inputs and have both been extended to 22nd August. The ISO extension call contains some refined/additional questions and can be found here: https://www.commoncriteriaportal.org/files/WG%203%20N1317%20SP_Extension_of_SP.pdf. The CCDB input will use the same process as in <http://www.commoncriteriaportal.org/workinggroups/CCReview.cfm> i.e. inputs need to be supported by a CCRA participant. Please note however that the ISO WG and the CCDB have agreed to share all relevant inputs so either route can be used.

29 Jun
2016

Two New Certificate Consuming Participants

I am pleased to announce that Singapore and Qatar have officially signed the Common Criteria Recognition Agreement (CCRA) as Certificate Consuming participants. Their acceptance into the CCRA will greatly benefit the longevity and strength of the arrangement, increasing the number of CCRA participants to 27!

Please join me in welcoming them into the CCRA.

Greg Hills

CCRA Management Committee Chair

09 Jun
2016

Common Criteria Portal Outage 10 June 2016 at 5:00 p.m. EDT

The Common Criteria Portal will be undergoing a planned outage at 5 p.m. EDT on Friday, June 10th 2016, until 9 p.m. EDT that evening.  During this window of time, site operations will be unavailable.  Please plan accordingly.

25 Apr
2016

Kick-off teleconference for the Dedicated Security Components (DSC) iTC

The kick-off teleconference for the Dedicated Security Components (DSC) international Technical Community (iTC) will be held on Friday April 29th, at 7:00 a.m. EDT.

To join the iTC, please email: iTC-DSC@niap-ccevs.org. 

More information on the DSC iTC can be found here: https://www.commoncriteriaportal.org/communities/dedicated_security_components.cfm

18 Apr
2016

Candidate iTC for Dedicated Security Components

The CCDB Dedicated Security Component Working Group has completed the Essential Security Requirements for Dedicated Security Components. Information on how to join the candidate iTC can be found here.

11 Mar
2016

Candidate iTC for Application Software

The CCDB Application Software Working Group has completed the Essential Security Requirements for Application Software. Information on how to join the candidate iTC can be found here.

08 Feb
2016

CC and CEM Review - The CCDB Managed Call for Input

Both the CCDB and ISO SC27WG3 are performing reviews involving the CC and the CEM.

Please click here for more information, as well as instructions on how to provide input to the review process.

01 Sep
2015

ICCC Update

You have just 21 days to secure your place at ICCC.  Almost 300 delegates are registered for the BIGGEST Common Criteria event in recent years – Be part of it!  

For full details, see:   www.iccc15.org.uk

13 Aug
2015

Draft USB cPP Released for Public Review

The preliminary USB cPP is available for public review. For more details, go to this topic in USB portable storage devices.

19 Jun
2015

Voluntary Termination of Infocomm Development Authority Singapore

The Infocomm Development Authority (IDA) Singapore have advised that they are voluntarily terminating their participation in the CCRA.

Despite best efforts from elected representatives of the three CCRA committees who worked with representatives of IDA Singapore to consider alternate solutions, IDA Singapore have decided to Voluntarily Terminate their CCRA Participation.  IDA Singapore advised that local conditions have meant that they were unable to resource the program responsible for CCRA activities at a level that they saw as satisfactory.  IDA Singapore continue to recognise the valuable contribution the CCRA makes in raising the level of assurance of IT products in cyber defence.

The CCRA members and CCUF representative continue to collaborate working together in improving cyber security through the development of collaborative Protection Profiles.

27 Feb
2015

The first collaborative Protection Profiles have been published!

The Full Drive Encryption (FDE) and Network Device (ND) international Technical Communities (iTC) have been working collaboratively over the past several months to complete the 
FDE Encryption Engine (EE), FDE Authorization Acquisition (AA), Network Device, and Firewall cPPs. A special thanks to all who were involved in this groundbreaking effort! 
More information can be found on the cPP and iTC pages.

30 Dec
2014

December Newsletters have been Posted

Newsletter updates providing status and contact information for both the Full Disk Encryption and Network Device/Firewall collaborative Protection Profiles have been posted.

09 Oct
2014

The USB iTC Security Problem Definition (SPD) has been posted for comment

The USB iTC Security Problem Definition (SPD) has been posted for comment.

08 Sep
2014

Twenty-six countries agree on reform to improve cyber security certification through international public-private collaboration

(New Delhi, September 8th 2014) The governments of twenty-six nations have today ratified a revision of the Arrangement on the Recognition of Common Criteria Certificates In the field of Information Technology Security (a k a Common Criteria Recognition Arrangement – CCRA). The purpose of the revision is to raise the general security of certified information and communications technology products without increasing costs or preventing timely availability of such products from commercial companies.

To accomplish these goals, it has been agreed that international Technical Communities (iTCs) should be established. Such iTCs should promote fair competition in an international, multi-stakeholder, multi-sector environment with participation from both public and private sector. Through the collaboration in the iTC:s, security functional requirements and security testing requirements for products in targeted technical areas (such as firewalls, USB storage devices, full drive encryption products etc.) will be agreed and defined in collaborative Protection Profiles (cPPs) and supporting documents in accordance with the Common Criteria for Information Technology Security Evaluation standard (ISO/IEC 15408). The ultimate goal of the reform is to facilitate reasonable, comparable, reproducible and cost-effective IT-security evaluation results for such products.

The new collaborative approach agreed by the twenty-six CCRA signatory nations gives private sector stakeholders the opportunity to work with CCRA national governments in order to maximize market acceptance for each cPP, avoid unnecessary duplication of security requirement specifications for each technology domain, and share the effort of cPP development. Participation of product vendors in this process will promote fair competition and encourage increased availability of evaluated and certified ICT products including state-of-the-art technologies. Security testing laboratories also will contribute to iTC:s, promoting consistency between testing laboratories and alignment of effective IT-security testing activities.

The CCRA Committees will govern application of the updated arrangement including consideration and approval of technology areas, iTCs and supporting documents.

Today’s ratification of the new CCRA marks the beginning of a 36-month transition period. Product evaluations already in progress can continue according to the previous version of the CCRA. During the transition period, participating nations also have agreed to recognize re-certifications and maintenance addenda issued according to the previous version of the CCRA. After September 8th 2017, mutually recognized certificates will either require protection profile-based evaluations or claim conformance to evaluation assurance levels 1 through 2 in accordance with the new CCRA.

Several CCRA nations already have implemented the updated approach to Common Criteria IT-security evaluations with promising results. International technical communities are currently working in the areas of USB storage devices, full drive encryption, network device and firewall, with approximately 10 nations and 10-20 vendors participating in each iTC. Collaborative PPs are expected to be completed this September, when the 15th annual International Common Criteria Conference (ICCC) will be hosted by India (see http://www.15icccindia.com/).

With the astounding increased use of information and communication technology in the global society and with a rapidly increasing need for reliance on ICT-products, discussions were initiated about how Common Criteria and CCRA (which was initially ratified in 1999) could be reformed to meet this demand. After years of discussions among the national governments represented in CCRA, the management committee in September 2012 provided a vision statement for the future direction Common Criteria and the CCRA. Through the vision statement the CCRA management committee noted that the general security level of general ICT certified products needed to be raised without severely impacting price and timely availability of these products. To support that goal, the level of standardization should be increased by building Technical Communities (TC) developing collaborative Protection Profiles (“cPPs”) and supporting documents, in order to reach reasonable, comparable, reproducible and cost-effective evaluation results.

In September 2013, the management committee agreed in principle on the text of the new CCRA that would implement the vision statement. This text was made available for legal review and confirmation of readiness to sign to all CCRA nations at that time. At the meeting with the CCRA management committee in Istanbul March 21st this year, the final plan for ratification of the new CCRA was agreed. In July 2014 all nations had confirmed their readiness to sign the new CCRA and the final signature procedure could commence. The new CCRA was finally ratified on September 8th, 2014.

The chair of the CCRA management committee, Mr. Dag Ströman from Swedish government, notes that:

“Supported unanimously by twenty-six nations, the new CCRA represents one of the most significant and exciting reforms to improve cyber security at an international level. Within the framework of the new CCRA, stakeholders in cyber security are invited to define security functional and assurance requirements in international Technical Communities. Via open, transparent and consensus based public-private collaboration, the intricate balance between IT-security and the associated cost to achieve such security can be agreed. The intent is to achieve a higher degree of harmonization of security requirements and avoid unnecessary fragmentation. Such fragmentation is costly for the vendors, whom otherwise may have to certify products several times against similar but disparate national requirements. Another important goal is to make the development of IT-security requirements based on Common Criteria more agile and able to adapt over time to the ever changing threat landscape. The new CCRA is the result of many nations and people’s hard efforts. It has the potential to notably improve cyber security, which is absolutely essential in today’s global society.”

Using the international standard Common Criteria (ISO/IEC 15408), system users can specify their security functional- and assurance requirements, vendors can then implement and/or make claims about the security attributes of their products, and security testing laboratories can evaluate the products to determine if they actually meet the claims. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use that is comparable.

Through the Common Criteria Recognition Arrangement (CCRA), Twenty-six nations recognize certifications of IT-security products based on Common Criteria. The signatories of the new CCRA are government representatives from the following nations: Australia, Austria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, Malaysia, the Netherlands, New Zealand, Norway, Pakistan, Republic of Korea, Singapore, Spain, Sweden, Turkey, United Kingdom, and the United States.

05 Sep
2014

Full Disk Encryption collaborative Protection Profiles (cPPs) have been posted for comment

The Full Disk Encryption: Authorization Acquisition cPP and Supporting Document and the Full Disk Encryption: Encryption Engine cPP and Supporting Document have been posted and are available for review.  Please visit the Full Disk Encryption’s Technical Community to see the latest drafts and the related comment form.  Comments are requested by Friday, September 19th.

05 Sep
2014

Network Device and Stateful Traffic Filtering Firewall collaborative Protection Profiles (cPPs) have been posted for comment

Both the Network Device and Stateful Traffic Filtering Firewall cPPs and associated Supporting Documents have been posted and are available for review.  Please visit the Network Fundamentals and Firewalls Technical Community to see the latest drafts and the related comment forms.  Comments are requested by Friday, September 19, 2014. 

05 Aug
2014

August newsletters have been posted

Newsletter updates providing status and contact information for both the Full Disk Encryption and Network Device/Firewall collaborative Protection Profiles have been posted.

03 Jul
2014

Message from the chair of the CCRA Management Committee regarding the status of the ratification of the new CCRA

The ratification of the new CCRA is making good progress.  All nations of the current CCRA have completed their national process and formally acknowledged that they are ready to sign the new CCRA. The process of signing the new CCRA will soon commence. Once all signatures has been collected, the new CCRA is ratified and is in force. A date for when the new CCRA is ratified cannot be announced beforehand, since the CCRA participants cannot in advance commit to a date by which all signatures will have been collected. There have been no significant changes made to the text compared to what previously have been announced at the CC-portal. The draft of the new CCRA is found here.

Dag Ströman,

Chair, CCRA Management Committee.

22 May
2014

The CCMC has released the FDE portal page

Read about Full Disk Encryptor in Technical Communites.

22 May
2014

The CCMC has released the FW/ND portal page

Read about Network Fundamentals and Firewalls in Technical Communites.

21 May
2014

Message from the chair of the CCRA Management Committee regarding the status of the ratification of the new CCRA

At the ICCC in Orlando an overview of the new  CCRA that had been agreed in principle by the CCRA Management Committee was presented, together with the rules for transition between the old ("current") and new CCRA. It was stated that the arrangement agreed in principle would undergo legal review in each country before final signing could commence and that it was expected that it would take between 6-12 months before the new arrangement would be ratified.

At the CCRA meeting in Istanbul the Management Committee discussed the status of the legal review of the CCRA and the plan for how to complete the signature procedure. The schedule for the revised CCRA advertised in Orlando looks so far to be accurate and the final ratification progress as expected. However, a date for when the new CCRA is ratified cannot be announced beforehand, since the CCRA participants cannot in advance commit to a date by which all signatures will have been collected.

When the new CCRA comes into force, it will be announced via the CC-portal.

Through the article 2 of the new CCRA, nations mutually recognise certificates with claims of compliance against Common Criteria assurance components of either:

  1. a collaborative Protection Profile (cPP), developed and maintained in accordance with Annex K, with assurance activities selected from Evaluation Assurance Levels up to and including level 4 and ALC_FLR, developed through an International Technical Community endorsed by the Management Committee; or
  2. Evaluation Assurance Levels 1 through 2 and ALC_FLR2.

Effective on the date of ratification, the signatories of the new CCRA agree:

a)      To recognize conformant certificates issued under the new CCRA;

b)      to recognise conformant certificates issued under the previous version the CCRA;

c)       to recognise certificates resulting from products accepted into the certification process prior to approval of the new CCRA according to the previous version of the arrangement; and

d)      for a period of 36 months from the date of ratification to recognise re-certifications and maintenance addenda issued according to the previous version of the CCRA. Thereafter, all participants shall limit recognition of certifications issued in accordance with Article 2.

The ratification of the new CCRA is still in progress.  All but a very few nations have completed their national process and formally acknowledged that they are ready to sign the new CCRA. A few nations are still processing this matter according to their national procedures. In the meanwhile, the Management Committee has agreed to make the draft text of the new CCRA publicly available. It should be noted that the text of the new CCRA is made available "as-is"; the text is not yet formally ratified and may still be subject for updates without notice.

The draft of the new CCRA is found here.

Dag Ströman,

Chair, CCRA Management Committee.

11 Mar
2014

Australia has posted a Position Statement

Australia has posted a Position Statement regarding the USB Portable Storage Device ESR. Other Position Statements pertaining to the USB effort can be found in USB Portable Storage Device Position Statements.

21 Feb
2014

USB iTC Informal Get-together During RSA

There will be an informal get-together during the RSA Conference in San Francisco. Anyone who has an interest to participate in the USB iTC that is to be established is invited to join us on Tuesday 5.30pm at:

Johnny Foley's
243 O'Farrell St, San Francisco, CA 94102
http://www.johnnyfoleys.com/

21 Feb
2014

USB iTC Kick-off Meeting

The USB iTC kick-off will be held March 5th at 20.00 GMT. The time was chosen to allow for participation from the largest number of nations spread across multiple timezones around the world. The logistics of the meeting are still being worked. The intent is to use a teleconference capability that has been offered by one of the USB vendors, which can host a large number of concurrent connections.

Details, including the agenda, will be posted on the CC Portal and the USB Secure Alliance website when they become available

PLEASE NOTE: This meeting is aimed at vendors/Labs/etc who expect to actively participate in the USB iTC. To keep the USB kick-off meeting efficient, a set of more general teleconferences will also be provided on a number of dates (and times) during March - (details to follow) and those who are interested, but whose focus may be in other technologies, are encouraged to take part in those calls instead.

21 Feb
2014

USB iTC Registration

The interim group of vendors who are assisting in the establishment of the USB iTC have created a registration form at their website here -> http://www.secureusballiance.org/register where stakeholders can get registered for participation in the iTC.  The iTC will be an independent entity, where vendors, schemes, labs, and other agencies can collaborate in a transparent and consensus-based manner."

18 Feb
2014

UK has posted a Position Statement

UK has posted a Position Statement regarding the USB Portable Storage Device ESR. Other Position Statements pertaining to the USB effort can be found  in USB Portable Storage Device Position Statements

12 Feb
2014

Germany has posted a Position Statement

Germany has posted a Position Statement regarding the USB Portable Storage Device ESR. Other Position Statements pertaining to the USB effort can be found  in USB Portable Storage Device Position Statements

03 Feb
2014

Sweden has posted a Position Statement

Sweden has posted a Position Statement regarding the USB Portable Storage Device ESR. Other Position Statements pertaining to the USB effort can be found  in USB Portable Storage Device Position Statements

16 Jan
2014

CCDB USB Working Group Announcement

The CCDB USB Working Group has completed the Essential Security Requirements for a USB Portable Storage Device. Information on international Technical Communities can be found here, and information
pertaining to the USB effort can be found here.

24 Sep
2013

India to host 2014 International Common Criteria Conference!

From the Chair of the CCRA Management Committee:

"It is with great pleasure that I’m able to announce the host for the 2014 ICCC. Our newest Certificate Authorizing Member, India, has graciously invited the CCRA to their country for the CCRA/CCUF 2014 Quarter 3 meetings and the International Common Criteria Conference. Please visit the CCRA Portal ICCC tab for future updates on date, venue and their hosting web site.
Dag Ströman, Chair CCRA Management Committee"

16 Sep
2013

India Accepted as Certificate Authorizing Scheme.

On August 30th 2013, the CCRA Management Committee voted yes to accept India as a certificate authorizing participant in the CCRA.

With this acceptance, 17 Certificate Authorizing Schemes operate under the CCRA.

11 Sep
2013

CCRA Management Committee Chair's ICCC Announcement

The following presentation was given by the CCRA Management Committee Chair regarding the agreement to a revised CCRA and Transition Plan.

CCRA MC Chair Report to 14th ICCC

04 Jan
2013

Common Criteria Users Forum.

The Common Criteria Users Forum (CCUF) mission is to provide a voice and communications channel amongst the CC community including the vendors, consultants, testing laboratories, Common Criteria organizational committees, national schemes, policy makers, and other interested parties.

The CCUF web page is located at: http://www.ccusersforum.org.

18 Sep
2012

CCRA Management Committee Vision statement for the future direction of the application of the CC and the CCRA

The CCRA Management Committee (CCMC) has at the meeting in Paris, September 17 2012, agreed on a Vision Statement for the future direction of the application of the CC and the CCRA.

05 Sep
2012

6th Newsletter for the 13th ICCC now available!

The 6th Newsletter for the 13th ICCC is now available from the 13th ICCC website. Please visit http://www.iccc2012paris.com/en/downloads to download the newsletter.

06 Jun
2012

May Newsletter for the ICCC 2012 in Paris now available.

The May edition of the ICCC 2012 in Paris is now available. Click here to read this paper online.

03 Apr
2012

ICCC2012 Newsletter available.

From the chairman of the French Scheme:

"I am pleased to inform you that the ICCC 2012 organisation committee has issued the first Newsletter for ICCC 2012. You can retrieve it from the ICCC 2012 website at http://www.iccc2012paris.com/en/downloads."

23 Feb
2012

CCDB Request For Comments

As announced at the last ICCC, the CCDB is trialing a process of requesting comments on selected items. This document, Characterizing Attacks to Fingerprint Verification Mechanisms is the first example of the use of this process. The document will be discussed by the CCDB at their meeting on 20/21 March and comments, via your national CC schemes, before that date are therefore welcomed.

At the CCDB meeting in March 2012, the topic of requesting comments for this document was discussed. All agreed to extend the comment date to 1 Sept 2012. It will be added to the CCDB agenda at the Sept 2012 meeting.

 

24 Jan
2012

13th International Common Criteria Conference

The 13th International Common Criteria Conference will take place from 18 - 20 September 2012 in Paris, France.

13th International Common Criteria Conference

02 Nov
2011

Malaysia accepted as Certificate Authorizing Scheme

With this new incorporation, 15 Certificate Authorizing Schemes operate under the CCRA.

06 Apr
2011

ICCC 12 Abstract Submissions Being Accepted

The due date for abstract submissions for the 2011 ICCC is 31 May 2011. Submit your abstract at http://12iccc.cybersecurity.my/papers.html.

09 Mar
2011

12th International Common Criteria Conference

12th Internation Common Criteria Conference

17 Nov
2010

Turkey accepted as Certificate Authorizing Scheme

With this new incorporation, 14 Certificate Authorizing Schemes operate under the CCRA.

27 Sep
2010

Regarding the application of CC by non-members of the CCRA

“The Management Committee of the Common Criteria Recognition Arrangement is aware that there are Common Criteria evaluation- and certification schemes established by countries who are not participants of the Arrangement.

The MC members share information about this development and discuss any potential consequences this has for their respective governments and other stake holders of the CCRA.

The governments of respective CCRA participant are informed about the result of these discussions and each government may act as it deem appropriate, which may include bi-lateral and/or multilateral dialogue.

The participants of the CCRA continues to share the original objectives of the arrangement and note that CCRA is open for new applications for membership.”

02 Sep
2010

The Common Criteria Portal is under transition to a new management team. All previous user functionality should be available as they were previously, with some initial modifications to improve functionality. If you experience any issues, please contact us and include the page(s) on which you experienced the issue(s), your web browser name and version, and your contact information. We will correct the problem as soon as possible and reply back.

05 Oct
2009

Italy accepted as Certificate Authorizing Scheme

With this new incorporation, 13 Certificate Authorizing Schemes operate under the CCRA.

28 Jul
2009

New release 3 of the CC/CEM v3.1!

Release 3 of the CC/CEM v3.1 is now available.

24 Mar
2009

New guides on transition to CC v3.1 and developer documentation!

New guides on transition to CC v3.1 and developer documentation are now available