In a show of continued international support for a common security product evaluation methodology, two additional countries have joined an information technology arrangement initiated last year. In a ceremony on October 18, 1999, Australia and New Zealand signed an Arrangement on the Mutual Recognition of Common Criteria Certificates. This brings to seven the number of nations that have agreed to recognize each other's security product evaluations.
The Management Committee of the Common Criteria Project unanimously approved the application of Australia and New Zealand to become full participants in the international arrangement. The approval followed an assessment of the Australasian Information Security Evaluation Programme, which is managed jointly by the Australian Defense Signals Directorate and the New Zealand Government Communications Security Bureau. Participants in the Common Criteria Mutual Recognition Arrangement agree to accept the results of information technology security evaluations conducted by private sector, accredited testing laboratories within their respective countries with government certification or validation of test results. The Common Criteria Mutual Recognition Arrangement now includes the United States, Canada, France, Germany, Australia, New Zealand, and the United Kingdom.
In the United States, private laboratories accredited by the National Information Assurance Partnership (NIAP) conduct the Common Criteria-based product evaluations. The NIAP is a partnership between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) to enhance the quality of information security products and increase confidence in those products that have been evaluated objectively. The signing ceremony was conducted at the National Information Systems Security Conference in Crystal City, Virginia.