India assumes chair of Common Criteria Development Board (CCDB)

• India assumed the chair of the Common Criteria Development Board (CCDB) for a two year term from April 2026 to April 2028.

• This was confirmed during the First Quarter Meeting of the Common Criteria Recognition Arrangement (CCRA) held from April 14 to 16 in Tokyo.

Common Criteria Recognition Arrangement (CCRA) 

• The Common Criteria Recognition Arrangement (CCRA) is the foundational international treaty that enables the mutual recognition of IT security certificates across borders. 

• Beyond the high-level policy committees, the CCRA operates through specific working groups and administrative protocols designed to maintain the integrity of the Common Criteria Portal, which serves as the “single source of truth” for certified secure IT products worldwide.

• India has been an active member of the CCRA since September 16, 2013, as a Certificate Authorising Nation. The country serves through the Ministry of Electronics and Information Technology (MeitY) and STQC Directorate, which acts as the official Certification Body for IT security evaluations in India.

• As per CCRA norms, certificates issued by member countries for products evaluated under the Common Criteria are mutually recognised without the need for re-certification, facilitating seamless international trade in secure IT products. 

• The CCRA comprises 18 certificate-authorising nations and 18 certificate-consuming nations. 

• These countries collectively ensure the integrity of the Common Criteria Portal, which serves as the authoritative global repository for certified secure IT products.

• The CCDB serves as the technical core of the CCRA, managing the international work program for the Common Criteria (CC) and the Common Methodology for Information Technology Security Evaluation (CEM). 

• While other CCRA groups handle policy matters, the CCDB focuses on the technical standards and evaluation criteria that secure global IT products.

• India’s assumption of the CCDB Chair demonstrates the nation’s technical competence and commitment to advancing global IT security standards. 

• This leadership role positions India at the forefront of defining international security evaluation methodologies and ensures that emerging technologies, particularly those relevant to India, are adequately addressed in the global standards framework. 

• The two-year term provides an opportunity for India to influence critical decisions shaping the future of IT security certification worldwide.