The international Common Criteria Recognition Arrangement (CCRA) brings together 26 nations who agree to accept a unified approach to the evaluations of information technology products and protection profiles for information assurance and security. This arrangement benefits member nation governments and other customers of IT products by creating more clarity in procurement decisions, more precision in evaluations, a better balance of security and features, and more rapid access to products from industry.
As the basis for the international standards ISO/IEC15408 and ISO/IEC 18045, Common Criteria is a framework in which:
government, military and other users can specify their security functional and assurance requirements through the use of protection profiles,
vendors can then implement and/or make claims about the security attributes of their products,
and testing laboratories can evaluate the products to determine if they actually meet the claims.