NIAP: NIAP CCEVS Announcements
NIAP/CCEVS
  NIAP  »»  Announcements  »»  NIAP Announcements  
NIAP Announcements

  Mobile Device Fundamentals Protection Profile v3.2 and Bluetooth PP-Module v1.0 Published! (16 April 2021)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Mobile Device Fundamentals Protection Profile, Version 3.2 (MDF PP) and the PP-Module for Bluetooth (BT PP-Module), Version 1.0.  The MDF PP was modified to utilize both the TLS Functional Package and the new BT PP-Module. In addition, all applicable NIAP Technical Decisions were incorporated.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1251

  NIAP 2020 Annual Report (13 April 2021)

See the NIAP 2020 Annual Report to learn about NIAP accomplishments and activities in 2020.  Read the report here.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1250

  Implementation Guidance for Policy Letter #28 Published (15 March 2021)

NIAP has published implementation guidance for Policy Letter #28, Use of evaluated Dedicated Security Components (DSCs) in Common Criteria Evaluation and Validation Scheme (CCEVS) evaluations.  This document provides guidance on the production and use of documentation from the DSC and dependent technology evaluation efforts, and the activities that need to be performed in order for the evaluation of the “Composed TOE” to be accepted by NIAP. Please contact NIAP with any questions.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1249

Previous Announcements

  PP-Module for VPN Clients (VPN), Version 2.2 Published! (05 January 2021)

 

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the PP-Module for VPN Clients (VPN), Version 2.2.

This updated version resolves numerous inconsistencies and conflicts for evaluations of standalone VPN applications (e.g VPN Client PP-Module with the Application Software PP as its Base-PP).  Specifically, the updates for standalone VPN Client apps allows the TOE to rely on the platform for its cryptographic primitives, but the TOE must provide all the IPsec functionality. This ensures the client application provides applicable VPN security functionality while still allowing the application to leverage the platform capabilities.  Other changes include adding MDM Version 4.0 as an applicable Base-PP, incorporation of all published TDs, and updates to the CC format for PP-Modules (added rationale sections).

 

 

 

 

 

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1248

  NIAP Progress Report - Third Quarter 2020 (09 December 2020)

See the NIAP Third Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases.

Read the report here.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1247

  New Scheme Policy Letter #28 Published (07 December 2020)

NIAP has issued Policy Letter #28, Use of evaluated Dedicated Security Components (DSCs) in Common Criteria Evaluation and Validation Scheme (CCEVS) evaluations.  Please review and contact NIAP with any questions.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1246

  PP-Module for Enterprise Session Controller (ESC), Version 1.0 Published (04 December 2020)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the PP-Module for Enterprise Session Controller (ESC), Version 1.0. 

Changes were limited to converting the ESC Extended Package to PP-Module format for use with the current versions of the Base-PP (NDcPP v2.2e) and incorporating all applicable Technical Decisions. 

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1245

  NIAP publishes the Protection Profile Module for VVoIP, Version 1.0 (29 October 2020)

NIAP has published the PP-Module for Voice and Video over IP (VVoIP), Version 1.0, its Supporting Document, and a PP-Configuration to the NIAP-Approved PP List.  Products may now be evaluated against the PP-Configuration for Application Software and Voice/Video over IP
(VVoIP) Endpoints, Version 1.0, dated 28 October 2020. Changes were limited to converting the VVOIP Extended Package to PP-Module format for use with the current versions of the Base-PPs (APP v1.3) and (NDcPP v2.2e) and incorporating all applicable Technical Decisions. 

In addition, NIAP is developing the necessary iTC required documentation to request the VVOIP PP-Module be added to the allowed-list for NDcPP v2.2e. Once approved, the PP-Configuration will be published.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1244

  PP-Modules for EDR and EDR Host Agent Published (27 October 2020)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the PP-Module for Endpoint Detection and Response (EDR), Version 1.0 and the PP-Module for Host Agent (HA), Version 1.0. These PP-Modules are the first in a new series of Enterprise Security Management (ESM) PPs to be developed.

The PP-Modules may be found here: https://www.niap-ccevs.org/Profile/PP.cfm

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1243

  PP-Module for Wireless Intrusion Detection/Prevention Systems (WIDS/WIPS), Version 1.0 Published (16 October 2020)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the PP-Module for Wireless Intrusion Detection/Prevention Systems (WIDS/WIPS), Version 1.0.

This PP-Module replaces the Extended Package for Wireless Intrusion Detection/Prevention Systems (WIDS/WIPS), Verison 1.0. This update included conversion to PP-Module format, incorporation of TDs, requirement updates to provide more clarity, and alignment with the Capability Package (CP) Annex for WIDS in support of wireless monitoring efforts.

The PP-Module may be found here: https://www.niap-ccevs.org/Profile/PP.cfm

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1242

  NIAP endorses and publishes the collaborative Protection Profile for Dedicated Security Component, Version 1.0 (16 September 2020)

NIAP has endorsed the collaborative Protection Profile (cPP) for Dedicated Security Component (DSC), Version 1.0 and published the cPP and Supporting Document to the NIAP-Approved PP List. This endorsement is a formal statement that products successfully evaluated against the DSC cPP that demonstrate exact conformance to the cPP, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List (PCL).

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1241

  NIAP Progress Report - First and Second Quarter 2020 (28 August 2020)

See the NIAP First and Second Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases. Read the report here.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1240

  NIAP endorses and publishes the collaborative Protection Profile Module for Stateful Traffic Filter Firewalls, Version 1.4e (01 July 2020)

NIAP has endorsed the collaborative Protection Profile Module for Stateful Traffic Filter Firewalls, Version 1.4e and published the cPP-Module and Supporting Documents to the NIAP-Approved PP List.  This endorsement is a formal statement that products successfully evaluated against the PP-Configuration for Network Device and Stateful Traffic Filter Firewalls, Version 1.4e, dated 25 June 2020 and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List. This PP-Module replaces the collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 1.3 which will sunset 27 September 2020 in conjunction with its Base-PP's ( NDcPP Version 2.1) sunset date.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1238

  NIAP publishes the Protection Profile Module for VPN Gateways, Version 1.1 (01 July 2020)

NIAP has published the Protection Profile Module for VPN Gateways, Version 1.1, its Supporting Document, and PP-Configuration to the NIAP-Approved PP List.  Products may now be evaluated against the PP-Configuration for Network Device and Virtual Private Network (VPN) Gateways, Version 1.1, dated 01 July 2020. Changes were limited to updates to align with NDcPP 2.2e and incorporating all applicable Technical Decisions. This PP-Module replaces the PP-Module for VPN Gateways Version 1.0 which will sunset 27 September 2020 in conjunction with its Base-PP's ( NDcPP Version 2.1) sunset date.

 

Also, the Network Device international Technical Community (iTC) has added the PP-Module for VPN Gateways, V1.1 to the allowed-list for the PP-Module for Stateful Traffic Filter Firewalls, V1.4e.  Therefore, NIAP has published the PP-Configuration for Network Devices, Stateful Traffic Filter Firewalls, and Virtual Private Network (VPN) Gateways, Version 1.1, dated 01 July 2020 to the NIAP-Approved PP List.  Products may now be evaluated against this PP-Configuration which includes the following components:

 

·        collaborative Protection Profile for Network Devices, Version 2.1 (CPP_ND_V2.2e)

 

·        PP-Module for Stateful Traffic Filter Firewalls, Version 1.4 + Errata 20200625 (MOD_CPP_FW_V1.4e)

 

·        PP-Module for Virtual Private Network (VPN) Gateways, Version 1.1 (MOD_VPNGW_V1.1)

 

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1239

  DHS/NIAP Pilot for Automating Mobile App Requirements Testing (29 June 2020)

Ensuring the security of mobile application (app) software for use within the federal government no longer needs to be time consuming or expensive.  Under a joint pilot program, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and National Information Assurance Partnership (NIAP) have demonstrated that the process can be automated.

The pilot testing report, titled Automating National Information Assurance Partnership Requirements Testing for Mobile Apps, demonstrates that automated testing tools and methodologies are reliable and efficient. It behooves stakeholders from both the federal government and industry to continue developing them to address the increasing scale and complexity of certifying mobile apps.

 

Check out the full report here!

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1237

  NIAP Resumes Operations (18 May 2020)

Effective 18 May 2020, the NIAP office will resume operations. Thank you for your patience and understanding as this occurs.

direct link to this item: https://www.niap-ccevs.org/Announcements/announcements.cfm#ann1236
Site Map              Contact Us              Home