The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) established a program under the National Information Assurance Partnership (NIAP) to evaluate IT product conformance to international standards.

Characteristics of the Common Criteria certification include the following:

The Common Criteria program, officially known as the NIAP Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) is a partnership between the public and private sectors. This program is intended to help consumers select commercial off-the-shelf information technology (IT) products that meet necessary security requirements and to help manufacturers of those products gain acceptance in the global marketplace. VMware has participated in Common Criteria (CC) evaluation of products beginning with VMware ESX Server 2.5 and VMware VirtualCenter 1.2 in March 2006.

As of 1 Aug 2012, the NIAP have instituted multiple changes to the Common Criteria certification processes, including changes to the certification levels offered, and eliminating the “In Evaluation List”. The highest level of certification now available is EAL 2+ (Evaluation Assurance Level 2). This new designation is more robust than the previous EAL4+ certification level, which was the highest level previously attainable. Each successive level of the Common Criteria is harder to achieve and requires additional validation, testing, and documentation.

vSphere 5.1, including the new Single-Sign on components is currently under evaluation under the new EAL2+ certification. EAL2+ is now the highest level of certification available, and is at least equivalent to the previous EAL4+ designation.