NIAP Approved Protection Profiles
NIAP-approved PP CCRA Partner Collaboration
In order to ensure consistency in evaluations, all schemes currently evaluating or considering evaluation of products compliant with NIAP-approved PPs should notify firstname.lastname@example.org. The notification should include the product name, vendor, evaluation start date, and NIAP-approved PP/EP with which compliance is being claimed. NIAP will collaborate with the scheme to address questions, provide guidance, and solicit feedback for improvements to the PPs.
Effective October 1, 2009, any product accepted into evaluation under the U.S. CC Scheme must claim compliance to a U.S. Government approved Protection Profile. The following Protection Profiles (PP) have been approved for use by vendors for evaluation of products under the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) and the Common Criteria Recognition Arrangement (CCRA).
In addition, NIAP is currently in the process of updating our PPs. Our first step is to update existing U. S. Government Basic Robustness Protection Profiles to reflect more current threat and functional requirements. We are referring to these as Interim PPs and, as they are completed, they will replace the corresponding Basic PPs.
Concurrently, NIAP is creating a Standard Protection Profile for each technology that will replace any corresponding U.S. Government Protection Profile. NIAP is working with industry, our customers, and the Common Criteria community to create these profiles. The first generation of these Protection Profiles will take into account the current assurance that is achievable for a technology and the Evaluation Assurance Level (EAL) will be set based on the availability of the documentation, test plans, and tools needed to obtain consistent and comparable results (see PPs in Development for a status of each PP).
A Transition End Date is determined by NIAP (in cooperation with the applicable Technical Community) upon initial publication of a NIAP-approved PP and is posted with the publication of the PP. Typically, the Transition Window for a PP will last six months. During the Transition Window, products will be accepted into evaluation against the PP or against an ST with a Letter of Intent per NIAP Policy 12. All relevant products submitted for evaluation after the Transition End Date shall only be evaluated against the NIAP-approved PP.
|Tech Type||Profile Name||Conformance Claim||CC Ver.||Short Name||Sponsor||Date(s)||Transition End Date|
|This list was generated on Tuesday, May 21st, 2013 at 9:22AM|
|Security Management||Enterprise Security Management - Identity and Credential Management||None||3.1||pp_esm_icm_v1.4||NSA||2012-09-06||2013-03-04|
|Security Management||Enterprise Security Management - Policy Management||None||3.1||PP_ESM_PM_V1.4||NSA||2012-05-23||2012-11-19|
|Security Management||Enterprise Security Management- Access Control||None||3.1||PP_ESM_AC_V2||NSA||2012-02-22||2012-08-20|
|Operating System||General-Purpose Operating System Protection Profile||None||3.1||PP_GPOS_v3.9||2013-01-15|
|Network Devices||Network Device Protection Profile (NDPP) Extended Package Stateful Traffic Filter Firewall||None||3.1||PP_ND_TFFW_EP_V1.0||NSA||2011-12-19||2012-06-16|
|Network Devices||Network Device Protection Profile (NDPP) Extended Package SIP Server||None||3.1||pp_nd_sip_ep_v1.0||NSA||2013-02-06|
|Network Devices||Network Device Protection Profile (NDPP) Extended Package VPN Gateway||None||3.1||pp_nd_vpn_gw_ep_v1.1||2013-04-15|
|Miscellaneous||Protection Profile for BIOS Update for PC Client Devices||None||3.1||pp_bios_v1.0||NSA||2013-02-13|
|VPN||Protection Profile for IPsec Virtual Private Network (VPN) Clients||None||3.1||pp_vpn_ipsec_client_v1.3||2013-04-15|
|Mobility||Protection Profile for Mobile Operating Systems||None||3.1||PP_MOBILITY_OS_V1.0||NIAP||2013-01-25|
|Mobility||Protection Profile for Mobility - Voice Over IP Application||None||3.1||PP_MOBILITY_VOIP_V0.6||NIAP||2013-01-28||2013-07-28|
|Network Devices||Protection Profile for Network Devices||None||3.1||PP_ND_V1.1||NSA||2012-06-08||2012-12-05|
|Encrypted Storage||Protection Profile for Software Full Disk Encryption||None||3.1||PP_SWFDE_v1.0||NSA||2013-02-15|
|Encrypted Storage||Protection Profile for USB Flash Drives||None||3.1||PP_USB_FD_v1.0||NSA||2011-12-01||2012-05-29|
|Wireless LAN||Protection Profile for Wireless Local Area Network (WLAN) Access Systems 15 November 2011 Version 1.0||None||3.1||PP_WLAN_AS_V1.0||NSA||2011-12-01||2012-05-29|
|Wireless LAN||Protection Profile for Wireless Local Area Network (WLAN) Clients||None||3.1||PP_WLAN_CLI_V1.0||NSA||2011-12-19||2012-06-16|
|Multi Function Device||U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std. 2600.2™-2009)||EAL2 Augmented||3.1||PP_HCD_EAL2_V1.0||IEEE Computer Society Information Assurance (C/IA) Committee||2010-02-26|
|Peripheral Switch||Validated Protection Profile - Peripheral Sharing Switch for Human Interface Devices Protection Profile, Version 2.1||EAL2 Augmented||3.1||PP_PSSHID_V2.1||NSA||2010-09-07|