NIAP has coordinated the production of a white paper (Technical Communities: A Collaborative Approach for Protection Profile Development) outlining our initial efforts focused on the organizational aspects of building a vibrant and collaborative set of Technical Communities to develop, maintain and manage Protection Profiles (PPs) in support of NIAP’s goals.
The NIAP evolution continues to progress, with several important updates anticipated in the near term. These updates will provide specific details about various aspects of the transition. The overall goal of the changes in NIAP is Achievable, Repeatable, and Testable evaluation results.
Look for upcoming information regarding the NIAP evolution, including:
- Elimination of the NIAP “In Evaluation” list – provides dates and rationale for elimination of the current In Evaluation list;
- Updated NIAP Policy 12 “Acceptance Requirements of a Product for CCEVS Validations” – updates the current policy and includes requirements for evaluation against NIAP approved Protection Profiles;
- PP Transition announcement – defines the transition to NIAP-approved PPs and product end of life/maintenance information;
- National Security System (NSS) Acquisition announcement – proposed criteria for products to be listed on NIAP’s Product Compliant List (PCL) and for acquisition of COTS products to be used on NSS or to protect NSS information;
- Product End of Life/Maintenance announcement – provides milestones for implementation of the NIAP End of Life/Maintenance process, including information about how previously evaluated products must comply; and
- New NIAP Cryptographic Policy - defines the relationship between the cryptographic requirements of a Target of Evaluation (TOE) in evaluation and the verification of those requirements through activities performed by the NIST Cryptographic Algorithm Validation Program (CAVP)/ Cryptographic Module Validation Program (CMVP).
![[X]](/assets/images/button_close.gif){kind=small}