International partners

The Common Criteria Recognition Arrangement (CCRA) was established in 1998 for each international partner of the arrangement to recognise a Common Criteria certificate awarded by a certificate authorising participant. Initially the CCRA comprised Canada, France, Germany, the United Kingdom and the United States. It now includes 26 nations. Australia and New Zealand joined the CCRA in 1999.

Consumers can be confident that each certificate authorising participant of the CCRA ensures that evaluations are performed to high and consistent standards. This arrangement for recognising standards of IT security certification between member countries is called mutual recognition and eliminates the need for duplicating an evaluation.

This agreement is currently limited to the first four security levels of the CC, EAL1 to EAL4, without cryptographic functionality. Certifications governed by this arrangement are treated as being included on the DSD Evaluated Products List (EPL). Products certified above CC EAL4 by another CCRA scheme are considered, in terms of fulfilling Information Security Manual (ISM) requirements, to be at CC EAL4 assurance level.

Caveats may relate to the use of some products within Australian and New Zealand government agencies. This applies particularly to products employing cryptography, which require an additional review by DSD called a DSD Cryptographic Evaluation (DCE).

Mutual recognition

Australia, New Zealand and the United Kingdom recognise their respective ITSEC certificates up to level E6. AISEP no longer conducts ITSEC certification or certificate extension activities.