Press Room Press Room Archives
Press Room Archives:Latest NSA News Speeches & Testimonies NSA Video Transcripts Freedom of Information Act Submit a FOIA Request Submit a Privacy Act Request Reading Room Frequently Requested Information Related Links Declassification and Transparency Pre-Publication Review What's New on NSA.gov Contact Information
NATIONAL SECURITY AGENCY
FORT GEORGE G. MEADE, MARYLAND 20755-6000
NSA PRESS RELEASE
Membership in International Computer Security Arrangement Increases to Thirteen Nations
International support is growing for a common information technology (IT) security product evaluation methodology, as six additional countries join the Common Criteria Mutual Recognition Arrangement. In a ceremony on May 23, 2000, Finland, Greece, Italy, Norway, Spain, and Netherlands signed the Arrangement, bringing to 13 the number of nations that have agreed to recognize each other's security product evaluations.
Increased membership in the Arrangement should provide a greater international market for evaluated IT security products. Evaluations are based on the International Common Criteria, that became an international standard, ISO Standard 15408, in 1999. The standard specifies a common language for consumers to convey IT security requirements to product developers and a common evaluation criteria to assess what the developers have produced. Participants in the Arrangement agree to accept the results of IT product security evaluations conducted by private sector, accredited testing laboratories within their respective countries with government certification or validation of test results. The existing members of the Arrangement are the United States, Canada, France, Germany, Australia, New Zealand, and the United Kingdom.
In the United States, private laboratories accredited by the National Information Assurance Partnership (NIAP) will conduct the Common Criteria-based product evaluations. The NIAP is a partnership between the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) to enhance the quality of information security products and increase confidence in those products that have been evaluated objectively.
The signing ceremony was conducted at the First International Common Criteria Conference in Baltimore, Maryland.
Historical Document | Date Posted: Jan 15, 2009