Common Criteria evaluation of products can open up coveted government markets to vendors of IT security products and provide independent assurance to their customers. In Australia, it’s the Evaluated Products List, in the US, the Validated Products List. Each of the twenty-four nations that recognise the Common Criteria has unique terminology, evaluation processes and policies that underpin demand for evaluated products. This presentation seeks to demystify the process of Common Criteria evaluation, and explores some of the key policies and compliance drivers here in Australia and overseas. It examines how vendors can reduce cost and time to the evaluated product market by ensuring that scope is matched to those drivers, and explains how users of evaluated IT security products can understand and drive evaluation scope. This presentation is a must-see for vendors of IT security products and consumers of evaluated products such as ITSAs, as well as organisations that require independent assurance in the security of their deployed solutions.