Defence Signals Directorate Reveal their secrets....Protect our own

Mutual Recognition and the Common Criteria Recognition Arrangement (CCRA)

Mutual Recognition

If a product has been evaluated by a certificate producing member of the CCRA, the AISEP is able to mutually recognise the results of the certification and list the product on the "Certified Products" page of the EPL. This is generally done automatically as the AISEP becomes aware of the certification from CCRA schemes. The AISEP requires access to the following documents in order to list the product:

  • The Security Target (ST);
  • The Certification Report (CR);
  • The Certificate, where possible.

The Common Criteria website is available at www.commoncriteriaportal.org

CCRA

In 1998 a Common Criteria Recognition Arrangement (CCRA) was established between Canada, France, Germany, the United Kingdom and the United States. In 1999 Australia and New Zealand joined the CCRA. This agreement recognises standards of IT security certification between the members using a process called Mutual Recognition. This agreement is at present limited to the first four security levels of the CC, EAL1 to EAL4, but negotiations are continuing to extend the agreement. In addition, Australia, New Zealand and the United Kingdom have agreed to recognise their respective ITSEC certificates up to level E6. The existence of the mutual recognition arrangements means that IT security products evaluated overseas and covered by the above agreements do not need to be reevaluated as the evaluation standards applied to them are the same as those used in Australia. However, caveats may relate to the use of some products within Australian Government agencies. This applies particularly to any products employing cryptography, which will need additional review by DSD.

CCRA Partners

Canada

Canadian Common Criteria Evaluation and Certification Scheme
PO Box 9703, Terminal
Ottawa, Canada K1G 3Z4
Phone: +1 613 991 7956
Fax: +1 613 991 7455
www.cse-cst.gc.ca

France

Direction Centrale de la Sécurité des Systèmes
d'Information
51 Boulevard de Latour-Maubourg
75700 PARIS 07 BP, France
Phone: +33 1 71758265
Fax: +33 1 71758260
www.ssi.gouv.fr

Germany

Bundesamt fur Sicherheit in der
Informationstechnik
Referat 111 2.2
Godesberger Allee 185-189
53175 Bonn, Germany
Phone: +49 228 9582 111
Fax: +49 228 9582 455
www.bsi.bund.de

Japan

Japan Information Technology Security Evaluation and Certification Scheme (JISEC)
Information Security Certification Office Information Technology Promotion Agency (IPA)
Bunkyo Green Court center office
2-28-8 Hon-Komagome, Bunkyo-ku,
Tokyo 113-6591
Japan
Tel: +81-3-5978-7538
Fax: +81-3-5978-7548
http://www.ipa.go.jp

South Korea

Korea IT Security Evaluation and Certification Scheme (KECS).
IT Security Certification Centre (ITSCC)
Hansol B/D 10F, 736-1 Yeoksam-dong
Gangnam-gu, Seoul Korea
135-983
Tel.: +82-2-3412-3380
Fax: +82-2-557-1129
www.kecs.go.kr

The Netherlands

TNO Certification
P.O. Box 541
7300 AM Apeldoorn
The Netherlands
Phone.: +31 55 549 34 68
Fax: +31 55 549 32 88
http://www.tno-certification.nl

Norway

Norwegian Certification Authority for IT Security (SERTIT)
SERTIT
P.O. Box 14
N-1306 BPD
Norway
Tel: +47 67 86 40 00
Fax: +47 67 86 40 09
www.sertit.no/

United Kingdom

UK IT Security Evaluation & Certification Scheme
PO Box 152
Cheltenham GL52 5UF, United Kingdom
Phone: +44 1242 238739
Fax: +44 1242 235233
www.cesg.gov.uk

United States of America

National Information Assurance Partnership
Department of Defence
9800 Savage Road, Suite 6740
Ft. George Meade, MD 20755-6740, USA
Phone: +1 410 854 4458
Fax: +1 410 854 6615
http://www.niap-ccevs.org/