What is the Common Criteria?
NIAP is responsible for U.S. implementation of the Common Criteria Evaluation and Validation Scheme (CCEVS). CCEVS is an internationally recognized set of guidelines (ISO 15408), which defines a common framework for evaluating security features and capabilities of Information Technology security products against functional and assurance requirements.
The CCEVS was developed collaboratively by the governments of Canada, France, Germany, the Netherlands, the UK, and the U.S. Under a mutual recognition agreement, called the Common Criteria Recognition Agreement (CCRA), each country recognizes completed evaluations against the Common Criteria standard done by other parties.
NIAP is also responsible for running the validation body that certifies that products have effectively applied the CCEVS.
According to NIAP, “all products evaluated within the Scheme must demonstrate exact compliance with the applicable technology protection profile.”
As a neutral third party, NIAP assesses the results of the security evaluation and, if the evaluation is successful, issues a validation certificate to the product manufacturer. At that point, the product can be placed on the U.S. NIAP Product Compliant List and the international CCRA Certified Products List.