The main certifications for security products are the Common Criteria (CC), Federal Information Processing Standard 140-2 (FIPS-140-2) Security Requirements for Cryptographic Modules, and ICSA Labs. Security consultancy Neohapsis, a Network Computing lab partner, sponsors the Open Security Evaluation Criteria (OSEC), which takes a community peer-review approach to certification with input from vendors and users.
These certifications complement one another, but if you're a government agency or contractor, you should use the CC and FIPS-140-2 certifications.
Know Your Needs
To get the most out of certifications, you must know your organization's security requirements. These should be stated in a security policy or request for proposal. With such a document in hand, you can easily compare the certification's functionality tests against your needs. It also helps to understand the certification terminology. Common Criteria provides language for building a protection profile (PP), which states your requirements.