Mutual recognition of certificates
Norway, as a member of CCRA, recognises CC certificates issued by other certificate producing member nations of the CCRA.
The mutual recognition of Common Criteria certificates means that a certificate issued by a certificate producing certification authority will be recognised by all member countries in the CCRA, including certificate consuming members.
Certificate consuming member
Certificate consuming members in the CCRA can’t issue internationally recognised certificates, but they are free to issue national certificates. New members to the CCRA must participate as certificate consuming members for two years before they can be taken under consideration to become a certificate producing member. For a complete list of CCRA members, see the list on the official CC-portal.
Certificate producing members
Certificate producing CCRA members issue internationally recognised certificates. This means that a certificate issued by a certificate producing member automatically will be recognised by all members in the CCRA. This recognition is not the same as an approval for specific use, and should not be understood as a product recommendation. The mutual recognition means that all CCRA members will endorse the contents of the certificate and the quality of the certification. For those who intend to use certified products it is always important to study the Security Target (ST) to ensure that the product has the wanted security functionality. The ST and the Certification Report must be published for the mutual recognition to apply.
For a nation to achieve status as a certificate producing member, it is required that the member nation can demonstrate its suitability. This is assessed by the accomplishment of a shadow certification. In the shadow certification representatives from other certificate producing members will evaluate the certification body's work. Norway is recognised as a certificate producing member in the CCRA.
Recognised certification authorities (certificate producing members)
The following members in the CCRA can issue internationally recognised CC-certificates:
”Mutual Recognition Agreement of Information Technology Security Evaluation Certificates – Version 3.0”, or the SOGIS-agreement is an agreement between some europeean nations with membership in the EU or EFTA concerning mutual recognition of evaluation certificates after ITSEC or the CC standards. For the CC all evaluation levels (EAL1 - EAL7) are recognised. The latest edition of the agreement is from January 2010.