Knowledge

Common Criteria Testing Laboratory


The Common Criteria model provides for the separation of the roles of evaluator and certifier. Product certificates are awarded by national schemes on the basis of evaluations carried out by independent testing laboratories.

A Common Criteria testing laboratory is a third-party commercial security testing facility that is accredited to conduct security evaluations for conformance to the Common Criteria international standard. Such a facility must be accredited according to ISO/IEC 17025 with its national certification body.

Examples

List of laboratory designations by country:

- In the US they are called Common Criteria Testing Laboratory (CCTL)
- In Canada they are called Common Criteria Evaluation Facility (CCEF)
- In the UK they are called Commercial Evaluation Facilities (CLEF)
- In France they are called Centres d’Evaluation de la Sécurité des Technologies de l’Information (CESTI)
- In Germany they are called IT Security Evaluation Facility (ITSEF)

Common Criteria Recognition Arrangement

Common Criteria Recognition Arrangement (CCRA) or Common Criteria Mutual Recognition Arrangement (MRA) is an international agreement that recognizes evaluations against the Common Criteria standard performed in all participating countries.

"It is mutually understood that, in respect of IT products and protection profiles, the Participants plan to recognise the Common Criteria certificates which have been authorised by any other certificate authorising Participant in accordance with the terms of this Arrangement and in accordance with the applicable laws and regulations of each Participant."
— International Agreement, Arrangement on the Recognition of Common Criteria Certificates In the field of Information Technology Security

There are some limitations to this agreement and, in the past, only evaluations up to EAL4+ were recognized. With the ongoing transition away from EAL levels and the introduction of NDPP, evaluations that “map” to up to EAL4 assurance components continue to be recognized.

United States

In the United States, the National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP) accredits CCTLs to meet National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme requirements and conduct IT security evaluations for conformance to the Common Criteria.

CCTL requirements

These laboratories must meet the following requirements:

- NIST Handbook 150, NVLAP Procedures and General Requirements
- NIST Handbook 150-20, NVLAP Information Technology Security Testing — Common Criteria
- NIAP specific criteria for IT security evaluations and other NIAP defined requirements

CCTLs enter into contractual agreements with sponsors to conduct security evaluations of IT products and Protection Profiles which use the CCEVS, other NIAP approved test methods derived from the Common Criteria, Common Methodology and other technology based sources. CCTLs must observe the highest standards of impartiality, integrity and commercial confidentiality. CCTLs must operate within the guidelines established by the CCEVS.

To become a CCTL, a testing laboratory must go through a series of steps that involve both the NIAP Validation Body and NVLAP. NVLAP accreditation is the primary requirement for achieving CCTL status. Some scheme requirements that cannot be satisfied by NVLAP accreditation are addressed by the NIAP Validation Body. At present, there are only three scheme-specific requirements imposed by the Validation Body.

NIAP approved CCTLs must agree to the following:

- Be located in the U.S. and be a legal entity, duly organized and incorporated, validly existing and in good standing under the laws of the state where the laboratory intends to do business
- Accept U.S. Government technical oversight and validation of evaluation-related activities in accordance with the policies and procedures established by the CCEVS
- Accept U.S. Government participants in selected Common Criteria evaluations.

CCTL accreditation

A testing laboratory becomes a CCTL when the laboratory is approved by the NIAP Validation Body and is listed on the Approved Laboratories List.

To avoid unnecessary expense and delay in becoming a NIAP-approved testing laboratory, it is strongly recommended that prospective CCTLs ensure that they are able to satisfy the scheme-specific requirements prior to seeking accreditation from NVLAP. This can be accomplished by sending a letter of intent to the NIAP prior to entering the NVLAP process.

Additional laboratory-related information can be found in CCEVS publications:

- #1 Common Criteria Evaluation and Validation Scheme for Information Technology Security — Organization, Management, and Concept of Operations
- Scheme Publication #4 Common Criteria Evaluation and Validation Scheme for Information Technology Security — Guidance to Common Criteria Testing Laboratories

Canada

In Canada the Communications Security Establishment Canada (CSEC) Canadian Common Criteria Scheme (CCCS) oversees Common Criteria Evaluation Facilities (CCEF). Accreditation is performed by Standards Council of Canada (SCC) under its Program for the Accreditation of Laboratories – Canada (PALCAN) according to CAN-P-1591, the SCC’s adaptation of ISO/IEC 17025-2005 for ITSET Laboratories. Approval is performed by the CCS Certification Body, a body within the CSEC, and is the verification of the applicant's ability to perform competent Common Criteria evaluations.

Notes

"Arrangement on the Recognition of Common Criteria Certificates In the field of Information Technology Security" (PDF). CSEC. 2013. Archived from the original (PDF) on 2013-10-17. Retrieved 2013-03-03.

External links

- US: Common Criteria Evaluation and Validation Scheme
- US: Common Criteria Testing Laboratories
- Canada: Common Criteria Scheme
- Canada: Common Criteria Evaluation Facilities
- Common Criteria Recognition Agreement
- List of Common Criteria evaluated products
- ISO/IEC 15408 — available free as a public standard


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
