Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) is program for evaluating IT products' conformance to international IT security standards.
CCEVS is designed to help consumers select commercial off-the-shelf (COTS) products that meet the National Information Assurance Partnership's (NIAP's) security compliance requirements, as well as help manufacturers of those products to gain acceptance in the global marketplace. The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) established this program under the National Information Assurance Partnership (NIAP) to evaluate IT product conformance to international standards.
Other CCEVS objectives include:
- Developing cost-effective evaluation of IT products for government and industry.
- Encouraging commercial security testing laboratory development and creation of a private sector security testing industry.
- Ensuring that security evaluations of IT security products are performed to consistent standards.
- Improving the availability of evaluated IT security products.
The CCEVS maintains a Validated Products List (VPL) containing all IT products and protection profiles that have successfully completed evaluation by the NIAP Validation Body. The NIAP Validation Body also provides technical guidance to IT security testing laboratories, validates IT security evaluations for conformance to the International Common Criteria for IT Security Evaluation and serves as an interface to other nations for the recognition of such evaluations.