Common Criteria

Common Criteria ISO 15408 is accepted in nearly 30 nations, making Common Criteria certificates the most widely recognized security validation available in the IT industry.

While countries have their own schemes for Common Criteria (CC), the mission of the National Information Assurance Partnership (NIAP) is to employ information technology security evaluation programs to increase consumers’ trust in the information systems and internal networks deployed within the Federal government. Federal certifications (e.g. Common Criteria, FIPS 140-2) are mandated by CNSSP #11, requiring that all IA-enabled (Information Assurance) information technology products must be approved by NIAP.

Companies invest in CC evaluation and validation to achieve the assurance federal entities require for the acquisition of IT Security products in accordance with Presidential Decision Directive 63, Critical Infrastructure Protection.

Who needs Common Criteria?

Common Criteria gives customers more confidence in the security of a range of technologies including smart cards, and thereby enables you, as a vendor, to target very specific security needs. All evaluation services are performed against ISO17025 accreditation quality standards. These certificates are internationally recognized, through the CC Recognition Arrangement (CCRA) and the Senior Officials Group Information Systems Security (SOGIS) Mutual Recognition Agreement (MRA).

What can UL do?
Being a Common Criteria laboratory enables us to offer you a unique 'one-stop-solution' and optimized services for all your security evaluation needs. Through the partnership with a set of expert Common Criteria partners and external consultants, we deliver independent support and security evaluation services to you - ensuring compliance with federally mandated security standards.

Federal Resources:

*UL offers links to these websites because we believe they may have value and relevance for consumers, manufacturers and others who share our interest in public safety. UL has no role in the development or maintenance of these websites. UL is not responsible for the content, accuracy, opinions expressed or other links provided by these resources.