CCRA

The Common Criteria Recognition Arrangement (CCRA) is a multilateral arrangement under which signatory governments recognise certifications issued by each other's national schemes for the security evaluation of information-technology products. The underlying technical standard, Common Criteria for Information Technology Security Evaluation, is published as ISO/IEC 15408, and the Common Evaluation Methodology as ISO/IEC 18045. Products are certified at one of seven Evaluation Assurance Levels (EAL1 through EAL7) against Protection Profiles or Security Targets. The arrangement has 38 signatories — about 20 Certificate Authorising Nations that can issue certificates and roughly 18 Certificate Consuming Nations that recognise them. India joined the CCRA as a Certificate Authorising Nation on September 16, 2013. The nodal Indian body is the Standardisation Testing and Quality Certification (STQC) Directorate of MeitY, which operates the Indian Common Criteria Certification Scheme (IC3S). The technical arm of CCRA is the Common Criteria Development Board (CCDB); India assumed the CCDB chair for 2026-2028.

• 1 38 signatories: 20 authorising plus 18 consuming nations.
• 2 Standards: ISO/IEC 15408 (Common Criteria) and ISO/IEC 18045 (CEM).
• 3 Seven Evaluation Assurance Levels, EAL1 to EAL7.
• 4 India joined as a Certificate Authorising Nation on September 16, 2013.
• 5 STQC under MeitY runs the Indian Common Criteria Certification Scheme (IC3S).
• 6 India chairs the Common Criteria Development Board (CCDB) for 2026-2028.

India assumed the chair of the Common Criteria Development Board for the 2026-2028 cycle at the CCRA meeting in Tokyo in April 2026, reflecting its growing footprint in global IT security standards.