Definition

Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS)

Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) is program for evaluating IT products' conformance to international IT security standards. 

CCEVS is designed to help consumers select commercial off-the-shelf (COTS) products that meet the National Information Assurance Partnership's (NIAP's) security compliance requirements, as well as help manufacturers of those products to gain acceptance in the global marketplace. The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) established this program under the National Information Assurance Partnership (NIAP) to evaluate IT product conformance to international standards. 

Other CCEVS objectives include:

  • Developing cost-effective evaluation of IT products for government and industry.
  • Encouraging commercial security testing laboratory development and creation of a private sector security testing industry.
  • Ensuring that security evaluations of IT security products are performed to consistent standards.
  • Improving the availability of evaluated IT security products.

The CCEVS maintains a Validated Products List (VPL) containing all IT products and protection profiles that have successfully completed evaluation by the NIAP Validation Body. The NIAP Validation Body also provides technical guidance to IT security testing laboratories, validates IT security evaluations for conformance to the International Common Criteria for IT Security Evaluation and serves as an interface to other nations for the recognition of such evaluations.

 

Related glossary terms: risk intelligence (RQ)
This was last updated in February 2014
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchCompliance.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: