UPSC Prelims Practice Questions — India Assumes Chair of Common Criteria Development Board (CCDB)

Q1. Which one of the following is India's national Certification Body for IT security products under the Common Criteria Recognition Arrangement (CCRA)?

  • A. Standardisation Testing and Quality Certification (STQC) Directorate under the Ministry of Electronics and Information Technology
  • B. Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology
  • C. National Critical Information Infrastructure Protection Centre (NCIIPC) under the National Technical Research Organisation
  • D. Bureau of Indian Standards (BIS) under the Ministry of Consumer Affairs, Food and Public Distribution

Q2. With reference to the institutional architecture of the Indian Common Criteria Certification Scheme (IC3S), consider the following pairings of the Electronics Regional Testing Laboratories (ERTLs) of the STQC Directorate with their host cities: 1. ERTL (North) — Delhi 2. ERTL (East) — Kolkata 3. ERTL (South) — Thiruvananthapuram 4. ERTL (West) — Chennai Which of the pairs given above is/are correctly matched?

  1. ERTL (North) — Delhi
  2. ERTL (East) — Kolkata
  3. ERTL (South) — Thiruvananthapuram
  4. ERTL (West) — Chennai
  • A. 1, 2 and 3 only
  • B. 1 and 2 only
  • C. 3 and 4 only
  • D. 1, 2, 3 and 4

Q3. With reference to the certification ecosystem under which India operates the Indian Common Criteria Certification Scheme (IC3S), consider the following statements: 1. The STQC Directorate, an attached office under the Ministry of Electronics and Information Technology, functions as India's national Certification Body for IT security product evaluation under the Common Criteria, whereas the Indian Computer Emergency Response Team (CERT-In), also under the same Ministry, is the nodal agency for cybersecurity incident response. 2. Unlike the Bureau of Indian Standards (BIS), which is a statutory body under the Ministry of Commerce and Industry, the STQC Directorate operates under the Ministry of Electronics and Information Technology. 3. India participates in the Common Criteria Recognition Arrangement (CCRA) as a Certificate Authorizing Nation, a status which — unlike that of a Certificate Consuming Nation — enables IC3S to issue Common Criteria certificates that are mutually recognised across CCRA member economies. Which of the statements given above are correct?

  1. The STQC Directorate, an attached office under the Ministry of Electronics and Information Technology, functions as India's national Certification Body for IT security product evaluation under the Common Criteria, whereas the Indian Computer Emergency Response Team (CERT-In), also under the same Ministry, is the nodal agency for cybersecurity incident response.
  2. Unlike the Bureau of Indian Standards (BIS), which is a statutory body under the Ministry of Commerce and Industry, the STQC Directorate operates under the Ministry of Electronics and Information Technology.
  3. India participates in the Common Criteria Recognition Arrangement (CCRA) as a Certificate Authorizing Nation, a status which — unlike that of a Certificate Consuming Nation — enables IC3S to issue Common Criteria certificates that are mutually recognised across CCRA member economies.
  • A. 1 and 3 only
  • B. 1 and 2 only
  • C. 2 and 3 only
  • D. 1, 2 and 3

Q4. With reference to India's association with the Common Criteria Recognition Arrangement (CCRA), consider the following statements: 1. India became a signatory to the CCRA in September 2013 as a Certificate Authorizing Nation. 2. The Standardisation Testing and Quality Certification (STQC) Directorate under MeitY is India's national Certification Body under the CCRA. 3. India will chair the Common Criteria Development Board (CCDB) for the term April 2026 to April 2028. 4. The Common Criteria framework is codified as ISO/IEC 15408. Which of the statements given above is/are correctly identified?

  1. India became a signatory to the CCRA in September 2013 as a Certificate Authorizing Nation.
  2. The Standardisation Testing and Quality Certification (STQC) Directorate under MeitY is India's national Certification Body under the CCRA.
  3. India will chair the Common Criteria Development Board (CCDB) for the term April 2026 to April 2028.
  4. The Common Criteria framework is codified as ISO/IEC 15408.
  • A. 1 and 3 only
  • B. 2 and 4 only
  • C. 1, 2 and 3 only
  • D. 1, 2, 3 and 4

Q5. With reference to the Common Criteria Recognition Arrangement (CCRA) and India's role, consider the following statements: 1. India joined the CCRA in 2013 as a Certificate Consuming Nation and was upgraded to Certificate Authorizing Nation in 2026. 2. The Common Criteria Development Board (CCDB) is the technical apex body of the CCRA. 3. India's chairmanship of the CCDB was confirmed at the 1st Quarter CCRA Meeting held in Tokyo in April 2026. 4. The Indian Common Criteria Certification Scheme (IC3S) is operated by the STQC Directorate under MeitY. Which of the statements given above is/are NOT correct?

  1. India joined the CCRA in 2013 as a Certificate Consuming Nation and was upgraded to Certificate Authorizing Nation in 2026.
  2. The Common Criteria Development Board (CCDB) is the technical apex body of the CCRA.
  3. India's chairmanship of the CCDB was confirmed at the 1st Quarter CCRA Meeting held in Tokyo in April 2026.
  4. The Indian Common Criteria Certification Scheme (IC3S) is operated by the STQC Directorate under MeitY.
  • A. 1 only
  • B. 1 and 3 only
  • C. 2 and 4 only
  • D. 3 and 4 only

Q6. Which of the following organisations functions as India's national Certification Body for IT security products under the Common Criteria Recognition Arrangement (CCRA) through the Indian Common Criteria Certification Scheme (IC3S)?

  • A. Indian Computer Emergency Response Team (CERT-In)
  • B. National Critical Information Infrastructure Protection Centre (NCIIPC)
  • C. Standardisation Testing and Quality Certification (STQC) Directorate
  • D. Centre for Development of Advanced Computing (C-DAC)

Q7. As of 2025, how many member nations/participants are signatories to the Common Criteria Recognition Arrangement (CCRA), under which India is a Certificate Authorising Nation?

  • A. 24
  • B. 31
  • C. 36
  • D. 42

Q8. In the context of international IT security, the Common Criteria Recognition Arrangement (CCRA), to which India is a signatory, is best described as which one of the following?

  • A. An international arrangement providing for mutual recognition, among signatory nations, of IT security product certifications issued by an authorised national certification body
  • B. An ISO technical committee that drafts standards for cryptographic algorithms and key-management protocols
  • C. A UN-administered convention regulating cross-border export of dual-use cybersecurity technologies
  • D. An OECD framework for harmonising personal data-protection laws among member economies

Q9. The ITU Council, the governing body of the International Telecommunication Union of which India is a member, consists of how many elected Member States?

  • A. 36
  • B. 40
  • C. 48
  • D. 56