NIAP Launches SBOM Pilot (07 March 2024)
NIAP has launched the SBOM pilot. All evaluations and assurance maintenance activities submitted to NIAP for evaluation claiming conformance against the Application Software Protection Profile (AppSW PP) or the future Application Software Collaborative Protection Profile (AppSW cPP) will be required to include an SBOM. All applicable evaluations actions submitted to NIAP starting March 1, 2024 must conform to this policy. All applicable assurance maintenance activities starting September 1, 2024 must conform to this policy.
SBOM Process: Labgram 117 / Valgram 136
Previous Announcements
NIAP Endorses NDcPP v3.0e (14 December 2023)
NIAP has endorsed the Network Device collaborative Protection Profile v3.0e (NDcPP v3.0e) and published the cPP and Supporting Document to the NIAP-Approved PP List. This endorsement is a formal statement that products successfully evaluated against the NDcPP v3.0e that demonstrate exact conformance to the cPP, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List. This version succeeds Version 2.2e which will sunset effective 14 June 2024.
NIAP Progress Report - Third Quarter 2023 (29 November 2023)
See the NIAP Third Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases. Read the Report Here
NIAP SBOM Policy Review (24 November 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) has released draft SBOM policy documents and an accompanying comment matrix to the CCUF portal. If you are interested in providing feedback please send your completed comment matrix to SBOM_team@niap-ccevs.org by COB December 8th.
Also, if you'd like to be added to the NIAP SBOM information alias, please send your request to SBOM-staff@niap-ccevs.org.
Call for Participants in the Retransmission Device Technical Community (07 November 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Retransmission Device (RD) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the RD Protection Profile and support the RD requirements in the Commercial Solutions for Classified program's Mobile Access Capability Package.
For more information regarding the new Protection Profile, please view the Essential Security Requirements (ESR) document here.
All interested parties should contact NIAP/CCEVS at tc-rd-staff@niap-ccevs.org, providing the information listed below for each potential participant:
• Name
• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
• Telephone number
• Email address
• A brief statement of the qualifications for participation in the TC
The initial kick-off meeting will commence December 7, 2023. We look forward to your participation!
Call for Participants in the SDN Technical Community (18 October 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Software Defined Networking (SDN) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the SDN Protection Profile.
All interested parties should contact NIAP/CCEVS at tc-sdn-staff@niap-ccevs.org, providing the information listed below for each potential participant:
• Name
• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
• Telephone number
• Email address
• A brief statement of the qualifications for participation in the TC
The initial kick-off meeting will commence January 10, 2024. Connection information will be sent to members of the TC. We look forward to your participation!
PP-Module VPN Gateway v1.3 Published! (05 September 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile-Module for Virtual Private Network (VPN) Gateway, Version 1.3. Notable changes include fixing issues with multifactor authentication and applying all applicable NIAP Technical Decisions.
Call for Participants in the x509 Technical Community (24 August 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the development of the x509 Functional Package. Members of this TC are expected to provide technical input to unify the FIA_x509 requirements.
All interested parties should contact NIAP/CCEVS at tc-x509-staff@niap-ccevs.org, providing the information listed below for each potential participant:
• Name
• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
• Telephone number
• Email address
• A brief statement of the qualifications for participation in the TC
We look forward to your participation and will hold a kickoff meeting on 12 September 2023 at 1100 EST.
NIAP Progress Report - Second Quarter 2023 (10 August 2023)
See the NIAP Second Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases. Read the report here.
NIAP Progress Report - First Quarter 2023 (11 May 2023)
See the NIAP First Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases. Read the report here.
Cryptographic Technical Community Kickoff on 12th of April, 1100 EST (07 April 2023)
The kickoff meeting for the Cryptographic Technical Community will take place on the 12th of April at 1100, EST. If you previously sent your interest and did not receive confirmation, please resend your request to tc-crypto-staff@niap-ccevs.org as per the previous announcement (https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1287).
New Scheme Policy Letter #29 Published (31 March 2023)
NIAP has issued Policy Letter #29, Certificate Maintenance Length of Common Criteria Evaluation and Validation Services (CCEVS) Evaluations. Please review and contact NIAP with any questions.