Product certificates are awarded by national schemes on the basis of evaluations carried by independent testing laboratories.
It is mutually understood that, in respect of IT products and protection profiles, the Participants plan to recognise the Common Criteria certificates which have been authorised by any other certificate authorising Participant in accordance with the terms of this Arrangement and in accordance with the applicable laws and regulations of each Participant.There are some limitations to this agreement and, in the past, only evaluations up to EAL4+ were recognized.
With on-going transition away from EAL levels and the introduction of NDPP evaluations that “map” to up to EAL4 assurance components continue to be recognized.
These laboratories must meet the following requirements: CCTLs enter into contractual agreements with sponsors to conduct security evaluations of IT products and Protection Profiles which use the CCEVS, other NIAP approved test methods derived from the Common Criteria, Common Methodology and other technology based sources.
To avoid unnecessary expense and delay in becoming a NIAP-approved testing laboratory, it is strongly recommended that prospective CCTLs ensure that they are able to satisfy the scheme-specific requirements prior to seeking accreditation from NVLAP.