(Common Criteria for Information Technology Security) An international standard process for defining security objectives and for evaluating compliance with those objectives. The Common Criteria have largely replaced the Trusted Computer Security Evaluation Criteria (TCSEC), the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) and the European Information Technology Security Evaluation Criteria (ITSEC). See NCSC.

The Common Criteria comprise an extremely comprehensive program that is made up of many parts. For example, the Mutual Recognition Arrangement (MRA) is an informal agreement among countries that accepts the results of each other's security testing and evaluations. The U.S. signatories, NSA and NIST, working jointly for the National Information Assurance Partnership (NIAP) have developed an informal standard called the Common Criteria Evaluation and Validation Scheme (CCEVS). CCEVS summarizes all the standards used by the U.S. in order to conform to the Common Criteria.