We are proud to announce that in July 2025, Cyprus, represented by the Office of the Commissioner of Communications – Digital Security Authority (as the designated National Cybersecurity Certification Authority), officially joined the Common Criteria Recognition Arrangement (CCRA) as a Certificate Consuming participant. This means that Cyprus will recognize Common Criteria Certificates for IT Products and Protection Profiles.
The participants in this Arrangement share the following objectives:
- to ensure that evaluations of Information Technology (IT) products and protection profiles are performed to high and consistent standards and are seen to contribute significantly to confidence in the security of those products and profiles
- to improve the availability of evaluated, security-enhanced IT products and protection profiles
- to eliminate the burden of duplicating evaluations of IT products and protection profiles
- to continuously improve the efficiency and cost-effectiveness of the evaluation and certification/validation process for IT products and protection profiles.
The purpose of this Arrangement is to advance these objectives by bringing about a situation in which IT products and protection profiles which earn a Common Criteria certificate, can be procured or used without the need for further evaluation. It seeks to provide grounds for confidence in the reliability of the judgements on which the original certificate was based by requiring that a Certification/Validation Body (CB) issuing Common Criteria certificates should meet high and consistent standards.
This milestone marks a significant step forward in Cyprus’ commitment to enhancing cybersecurity and ensuring trust in ICT products and services.
