NIAP CCEVS Announcements and UpdatesFrom the
Director, NIAP Sunsetting of NIAP Protection Profiles – Effective 1 February 2012 (19 December 2011)NIAP continues to review our current list of Protection Profiles to determine which PPs should be sunsetted. We want to be sure evaluations go against correct and updated requirements (using our draft PPs when appropriate) as well as ensure evaluations are not against PPs that contradict our new policies and newly published PPs. The following PP is No Longer Viable: U.S. Government Protection Profile Database Management Systems, Version 1.3 – this PP is out of date and no longer represent accurate requirements for the database systems technology. In addition, a draft PP is not under development that has direct mapping to the database technologies. For database products, NIAP will work with the vendor and the lab to use the crypto requirements listed in the Network Device Protection Profile as well as other applicable requirements from other PPs to develop an approved ST at EAL2. A new PP will be developed with the appropriate technology vendors and will include the applicable requirements for database systems. Sunset Date: 1 February 2012. As always, should you have questions regarding the sunsetted PPs or have specific questions about a product for which is ready for a Common Criteria evaluation, please contact NIAP or call 410-854-4458. Protection Profile Updates (10 December 2011)The Network Device Protection Profile (NDPP) has been published and can be found in the U.S. Government Approved Protection Profiles listing or posted on the Common Criteria Portal. The PP describes security requirements for a Network Device (defined to be an infrastructure device that can be connected to a network), and is intended to provide a minimal, baseline set of requirements that mitigate well defined and described threats. Click here for the latest Protection Profile status. NIAP Approved Protection Profile Announcements (08 December 2011)The NIAP Director is pleased to announce the release of the following Approved Protection Profiles: USB Flash Drive Full Disk Encryption Wireless LAN Access System Wireless LAN Client Network Device Protection Profile (NDPP) Extended Package Stateful Traffic Filter Firewall This Extended Package (EP) describes security requirements for a Stateful Traffic Filter Firewall (defined to be a device that filters layers 3 and 4 (IP and TCP/UDP) network traffic optimized through the use of stateful packet inspection) is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well defined and described threats. However, this EP is not complete in itself, but rather extends the Security Requirements for Network Devices protection profile (NDPP). Protection Profile for IPsec Virtual Private Network (VPN) Clients: This Protection Profile (PP) supports procurements of commercial off-the-shelf (COTS) IPsec Virtual Private Network (VPN) Clients to provide secure tunnels to authenticated remote endpoints or gateways. This PP details the policies, assumptions, threats, security objectives, security functional requirements, and security assurance requirements for the VPN and its supporting environment. updated 18 January 2012 NIAP Evolution (28 November 2011)The NIAP evolution continues to progress, with several important updates anticipated in the near term. These updates will provide specific details about various aspects of the transition. The overall goal of the changes in NIAP is Achievable, Repeatable, and Testable evaluation results. Look for upcoming information regarding the NIAP evolution, including:
Transition window for switch/router compliance to the Network Device Protection Profile (NDPP) to be extended (31 October 2011)After further consideration and discussion with several vendors, NIAP has determined that the transition window for switch/router compliance to the Network Device Protection Profile (NDPP) will be extended. NIAP CCEVS will accept evaluations in accordance with Scheme Policy 12 for switches and routers when it has been confirmed that the vendor will achieve NDPP compliance within a mutually agreed upon timeframe. Decisions to accept ST evaluations for switches and routers will be made on a case-by-case basis. Note that the current NDPP transition window for firewalls is still in effect - all firewall evaluations must be in compliance with the NDPP. Sunsetting of NIAP Protection Profiles – Effective 1 September 2011 (02 August 2011)NIAP has been reviewing our current list of Protection Profiles to determine which PPs should be sunsetted. We want to be sure evaluations go against correct and updated requirements (using our draft PPs when appropriate) as well as ensure evaluations are not against PPs that contradict our new policies and newly published PPs. There are eight PPs listed that fall into four categories:
As always, should you have questions regarding the sunsetted PPs listed above or have specific questions about a product for which is ready for a Common Criteria evaluation, please contact NIAP or call 410-854-4458. Technical Communities (17 March 2011)Technical Communities have been added to the list of links under the CCEVS Big Picture. Please view the list of communities for information and Protection Profile status. Common Criteria Reforms – Better Security Products through Increased Cooperation with Industry (01 March 2011)Chris Salter, a Technical Strategist for the NIAP, wrote this paper, “Common Criteria Reforms”, to describe the new direction for NIAP and the Common Criteria Community. The reforms discussed within the paper are intended to convince enterprises to request IT products be Common Criteria evaluated. He outlines the criteria for success and the steps necessary to convince governments and enterprises to require these CC evaluations. He goes on to state that these reforms cannot be achieved by one nation or one vendor alone – it takes a community. And it also takes time! Other Information
Previous announcements
|
||||||||||