The international arrangement on the mutual recognition of IT security certificates on the basis of CC (Common Criteria Recognition Arrangement (CCRA-2014)) was ratified on 8 September 2014.

The CCRA relates to CC certificates based on a Collaborative Protection Profile (cPP) (used strictly as envisaged), to certificates for assurance components up to and including the level EAL 2 or the Flaw Remediation (ALC_FLR) troubleshooting family, and to certificates for protection profiles and for collaborative protection profiles (cPPs).

CCRA-2014 replaces the old CCRA from May 2000. Certificates that were issued according to CCRA-2000 prior to 8 September 2014 are still recognised under the CCRA-2000 rules. For ongoing certification processes until 8 September 2014 and for the maintenance of old certificates in the event of changes (assurance continuity: maintenance or re-certification), a transitional period until 8 September 2017 for the recognition of certificates according to the CCRA-2000 rules (i.e. assurance components up to and including the level EAL 4 or Flaw Remediation (ALC_FLR) troubleshooting family) was agreed upon.

By September 2014, the national bodies of the following nations had become signatory parties to CCRA-2014: Austria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, Malaysia, Netherlands, New Zealand, Norway, Pakistan, Singapore, South Korea, Spain, Sweden, Turkey, UK, USA.

On the terms of this agreement, the BSI, while accounting for the above-mentioned general conditions (CPP conformity, recognition up to EAL 2, recognition up to EAL 4 when applying transitional rules), recognises certificates for products and for protection profiles from the national certification bodies of the following countries: Australia/New Zealand, Canada, France, India, Italy, Japan, Malaysia, Netherlands, Norway, South Korea, Spain, Sweden, Turkey, UK, USA.

The current list of CCRA members and certification bodies ("licensed laboratories") can be viewed on the http://www.commoncriteriaportal.org website. The website also provides information about cPPs and CC supporting documents, and about the international technical communities (iTCs) that develop cPPs.

For any BSI certificate, the CCRA logo with the corresponding additional text indicates if and how the certificate is covered by this recognition arrangement. If certificates includes assurance components above the recognition level (cPP/EAL 2/EAL 4 when applying transitional rules), then the evaluation results for these components are recognised at the respective upper recognition limit according to CCRA-2014 or CCRA-2000.