The revision of the settlement on the recognition of certificates of Common Criteria in the field of information technology security (known as CCRA) ratified by 26 countries members of the same, including Spain, and whose text is available in the following link http://www.commoncriteriaportal.org/files/CCRA%20-%20July%202,% 202014% 20-% 20Ratified% 20September% 208% 202014.pdf , was published on 8 september 2014.
On the part of spain has made a joint signing between the centre Cryptologic, national and the state secretariat for Public administrations.
This revision of the settlement is the outcome of the work carried out during the years 2013 and 2014 to produce a new, updated version according to the evolution since the signing of the first Settlement on 23 may 2000.
The Agreement specifies the required profile of common criteria Certificates, certification bodies and Evaluation of the security of information technologies. Other developments have included better collaboration público-privada through the establishment of so-called international technical communities (international Technical Communities (iTCs)) and the definition of functional requirements of security through the profiles of collaborative protection (collaborative Protection Profiles (cPPs)) applicable to products such as USB devices, firewall, cifradores of cds, etc.
Certificates are issued by the security certification bodies, in spain The certification body of the national assessment and certification of the it security
The arrangement has interest to the National security (Royal Decree 3/2010, on 8 january) that, in connection with the acquisition of products, provides for:
- assess positively the certification of security in the acquisition of products on the part of the public authorities (item 18.1)
- recognizes the role of the national certification body (item 18 (3))
- shows how the use of products whose security may be certified contributes to the satisfaction of safety requirements so provided in the security measures for the adequate protection of information (Annex II)
- e includes model clause to the technical requirements (RD 3/2010, annex V).