International support is growing for a common information technology (IT) security product evaluation methodology, as six additional countries join the Common Criteria Mutual Recognition Arrangement. In a ceremony on May 23, 2000, Finland, Greece, Italy, Norway, Spain, and Netherlands signed the Arrangement, bringing to 13 the number of nations that have agreed to recognize each other's security product evaluations.
Increased membership in the Arrangement should provide a greater international market for evaluated IT security products. Evaluations are based on the International Common Criteria, that became an international standard, ISO Standard 15408, in 1999. The standard specifies a common language for consumers to convey IT security requirements to product developers and a common evaluation criteria to assess what the developers have produced. Participants in the Arrangement agree to accept the results of IT product security evaluations conducted by private sector, accredited testing laboratories within their respective countries with government certification or validation of test results. The existing members of the Arrangement are the United States, Canada, France, Germany, Australia, New Zealand, and the United Kingdom.
In the United States, private laboratories accredited by the National Information Assurance Partnership (NIAP) will conduct the Common Criteria-based product evaluations. The NIAP is a partnership between the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) to enhance the quality of information security products and increase confidence in those products that have been evaluated objectively.
The signing ceremony was conducted at the First International Common Criteria Conference in Baltimore, Maryland.