CCCS — Canada's Common Criteria Scheme

CCCS, the Canadian Centre for Cyber Security, operates Canada’s Common Criteria scheme (CCS). Like NIAP, CCCS emphasises collaborative Protection Profile evaluations and is a leading participant in international Technical Communities that develop cPPs.

Key facts

• Authorizing body: Canadian Centre for Cyber Security (CCCS), part of the Communications Security Establishment (CSE)
• Country / region: Canada
• Year established: Canada’s CC scheme has operated since the standard’s introduction; CCCS took over as the brand in 2018, consolidating earlier CSE-led activities
• Product types: network devices, operating systems, mobile platforms, application software, and other cPP-aligned categories
• CCRA status: Certificate Authorizing Member; Canada co-chairs or participates in multiple iTCs
• Canonical portal: https://www.cyber.gc.ca/en/tools-services/canadian-common-criteria-program

Overview

CCCS oversees CCS evaluations carried out by Canadian CCTLs. The scheme’s output is dominated by evaluations against collaborative Protection Profiles, aligning closely with NIAP’s approach while remaining distinct in administration. Canada has long been a major contributor to CCRA Technical Communities, including those for network devices, dedicated security components, and endpoint products.

How evaluations work under this scheme

A vendor engages a CCS-accredited CCTL, which runs evaluation activities from the chosen cPP and its Supporting Document. CCCS reviews the Evaluation Technical Report and issues a Certification Report. Canadian certificates are posted to the CCS Certified Product List and mirrored in the CCRA portal for mutual recognition.

Notable product categories

• Network devices (firewalls, VPN gateways, routers, switches) under NDcPP
• Dedicated security components (HSMs, enterprise session controllers) under DSCcPP
• Operating systems and application software
• Full-disk encryption and cryptographic modules (as applicable)
• Mobile platforms and management products

Relationship to CC baseline

CCS evaluations align with ISO/IEC 15408, the CEM, and cPP-driven evaluation activities. CCCS works within the CCRA mutual recognition framework and leverages Technical Community outputs, keeping evaluations methodologically consistent with NIAP, Swedish, and other cPP-focused schemes.

Where to find official records

• Canadian Certified Product List: https://www.cyber.gc.ca/en/tools-services/canadian-common-criteria-program/certified-products
• CCRA portal: https://www.commoncriteriaportal.org/products/
• NenkinTracker consolidates CCCS records with other schemes for unified tracking.

See also: Protection Profiles, EAL Levels, Glossary.