In order to provide real-time testing, discussions, conferences and debates regarding the Common Criteria standard, a global community organizes regular meetings for the purpose of joining industry and government experts. This is so they can discuss improvements regarding the Common Criteria’s technical aspects, the policy makers, or the advancements in the use of Common Criteria globally.

The ever-changing IT world poses a truly demanding situation for all systems and components that are interacting in any computer system, especially when it comes to security. Since multiple world-wide organizations and governments rely heavily on computer security standards and protocols, it is no wonder that the Common Criteria standard emerged. However, in order to develop the standard, the need for various testing environments arose and this led to the creation of multiple testing organizations, which are currently dominating the IT security compliance and evaluation world. These are the organizations that are also present at the various Common Criteria conferences all around the world, having the aim to constantly improve what has been an otherwise well-thought standard.

The testing organizations are based in multiple countries, as follows:

  • Spain, with the National Cryptologic Center, which is a certification body that applies to systems and products that are contingent to continental Spain;
  • Canada, with the Standards Council of Canada, which is a federal corporation that has the ability to promote the standardization on Canada, especially when the law lacks any public provisions;
  • Germany, with the Federal Office for Information Security, which is in charge of handling computer and communication security for the German government;
  • France, with the French Accreditation Committee, responsible for the evaluation of all cybernetic systems operating under conformity in France;
  • U.S., with the National Institute of Standards and Technology, a standards measurement laboratory that provides innovation and industrial strength in computer security solutions.