The Common Criteria represents the outcome of efforts to develop criteria for evaluation of IT security that are widely useful within the international community. It is an alignment and development of a number of source criteria: the existing European, US and Canadian criteria (ITSEC, TCSEC and CTCPEC respectively). The Common Criteria resolves the conceptual and technical differences between the source criteria. It is a contribution to the developmentof an international standard, and opens the way to worldwide mutual recognition of evaluation results. The purpose of this Arrangement is to advance those objectives by bringing about a situation in which IT products and protection pro les which earn a Common Criteria certi cate can be procured without the need for further evaluation. It seeks to provide grounds for con dence in the reliability of the judgements on which the original certi cate was based by requiring that a Certi cation/Validation Body (CB) issuing Common Criteria certi cates should meet high and consistent standards.