NIAP: NIAP Evolution Announcements
NIAP/CCEVS
  NIAP  »»  Announcements  »»  Evolution Announcements  
NIAP Evolution Announcements

PP-Module for MACsec Ethernet Encryption V1.0 Published! (02 March 2023)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the PP-Module for MACsec Ethernet Encryption V1.0.  This was a minor update to align with Network Device cPP v2.2e, add updates requested by the Australian Certification Authority, supports the conversion to PP-Module, and incorporates all applicable NIAP Technical Decisions. This will complete the conversion to PP-Modules for all Extended Packages using ND cPP as a base.

Position Statement on the CC in the Cloud Working Group (04 May 2022)

The National Information Assurance Partnership, Canadian Common Criteria Scheme, and Australian Certification Authority have issued a joint position statement in support of the CC in the Cloud Working Group and its CC in the Cloud Essential Security Requirements (ESR), v0.3, dated 2 March 2022.

The Position Statement is posted on the NIAP website on its Publications page and can be found here: https://www.niap-ccevs.org/MMO/GD/CC%20in%20the%20Cloud%20Position%20Statement%20v1.0.pdf

The ESR is posted on the CC in the Cloud Working Group's github page and can be found here: https://github.com/CC-in-the-Cloud/Admin/blob/Working/ESR/CC_in_the_Cloud_ESR.pdf

Call for Participants for Mobile Device Management Technical Community (22 August 2018)

 

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the update of the Protection Profile for Mobile Device Management.  Members of this TC are expected to provide technical input to the development of a Protection Profile update containing the baseline Security Functional Requirements (SFRs) for Mobile Device Management. 

 

Please note: If you are already a member of this Technical Community, there is no need to re-apply.

 

 

All interested parties should contact NIAP/CCEVS at tc-mobility-staff@niap-ccevs.org, providing the information listed below for each potential participant:

 

• Name

 

• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other) 

 

• Telephone number

 

• Email address

 

• A brief statement of the qualifications for participation in the TC

Update on Labgram #106/Valgram #126 "Impact of NIST 2017 Transitions to NIAP." (31 October 2017)

NIAP is rescinding Labgram #106/Valgram #126 "Impact of NIST 2017 Transitions to NIAP."  Following discussions with our subject matter experts and NIST's announcement regarding the transition delay (https://csrc.nist.gov/News/2017/Transition-Plans-for-Key-Establishment-Schemes), NIAP has decided that Labgram #106 will be archived and no part of it will be enforced.

 

If you have any questions or concerns, please contact us at niap@niap-ccevs.org.

 

 

 

DoD Annex for MDF PP v3.1 (31 July 2017)

The DoD Annex for the Mobile Device Fundamentals Protection Profile (MDF PP) v3.1 has been published to the NIAP Protection Profile website.  This DoD Annex is used to mandate specific PP selections, assignments, and security functional requirements to be fully compliant with DoD cybersecurity policies, and applies to all DoD-administered systems and all systems connected to DoD networks.                  

NIAP Endorses NDcPP v2.0 (07 July 2017)

NIAP has endorsed the Network Device collaborative Protection Profile v2.0 (NDcPP v2.0) and published the cPP and Supporting Documents to the NIAP Approved PP List.  This endorsement is a formal statement that products successfully evaluated against the ND cPP that demonstrate exact conformance to the cPP, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List.  The updated NDcPP v2.0 allows for evaluation of devices that are suitable for the use cases identified in the ND cPP, to include distributed network devices.    

Mobile Device Fundamentals Protection Profile v3.1 Published! (16 June 2017)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Mobile Device Fundamentals Protection Profile version 3.1 (MD PP v3.1).  Updates were made to modify several biometric requirements and to incorporate all applicable NIAP Technical Decisions. Given the minimal changes, this version replaces Version 3.0, which will be sunsetted next month.

Please follow the link for more information:

https://www.niap-ccevs.org/Profile/Info.cfm?id=417

Call for Participants for PSS Technical Community (01 March 2017)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community for the update of the Peripheral Sharing Switch Protection Profile version 3.0. Members of this TC are expected to provide technical input to update the Protection Profile for products that provide a PSS capability.

All interested parties should contact NIAP/CCEVS at tc-pss-staff@niap-ccevs.org, providing the information listed below for each potential participant:

• Name

• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other) 

• Telephone number

• Email address

• A brief statement of the qualifications for participation in the TC

NIAP plans to hold the Kick-Off meeting on Wednesday, 15 March 2017.  We look forward to your participation!       

Mobile Device Management Protection Profile v3.0 and Mobile Device Management Agents Extended Package v3.0 Published (07 December 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile for Mobile Device Management, Version 3.0 (MDM PP v3.0) and MDM Agents Extended Package, Version 3.0 (MDM Agent EP v3.0). This PP/EP includes updates based on questions sent to the Technical Rapid Response Team, clarification to many requirements and assurance activities, and adding SFRs to support Bring Your Own Device (BYOD) Use Case. This PP/EP can be found here:  https://www.niap-ccevs.org/Profile/PP.cfm      

Updated DoD Annexes for MDM PP and MDM Agent PP v2.0 (29 November 2016)

An updated version of the DoD Annex for the Mobile Device Management Protection Profile (MDM PP) v2.0 and MDM Agent PP v2.0 has been published to the NIAP Protection Profile website.  These DoD Annexes are used to mandate specific PP selections, assignments, and security functional requirements to be fully compliant with DoD cybersecurity policies, and applies to all DoD-administered systems and all systems connected to DoD networks.     

 

Virtualization Base PP, Server Virtualization EP, and Client Virtualization EP Published (22 November 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile for Virtualization (Base) Version 1.0, the Protection Profile for Virtualization Extended Package – Server Virtualization Version 1.0 and the Protection Profile for Virtualization Extended Package – Client Virtualization Version 1.0. 

 

A Virtualization System (VS) is a software product that enables multiple independent computing systems to execute on the same physical hardware platform without interference from one other. A VS creates a virtualized hardware environment (virtual machines or VMs) for each instance of an operating system permitting these environments to execute concurrently while maintaining isolation and the appearance of exclusive control over assigned computing resources. For the purposes of this document, the VS consists of a Virtual Machine Manager (VMM), Virtual Machine (VM) abstractions, a management subsystem, and other components.

 

The requirements defined in the generic ‘base’ PP are based on the high degree of similarity between Server Virtualization and Client Virtualization capabilities.  A product must be evaluated against either the Server Virtualization EP or Client Virtualization EP in conjunction with the base Virtualization PP; a product may not be evaluated solely against the base Virtualization PP  or either of the EPs.    

 

    

Certification Authorities Protection Profile version 2.0 (CA PP v2.0) Published (07 November 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Certificate Authorities Protection Profile version 2.0.   A CA system is an entity that issues and manages public-key certificates and is the primary component of a public key infrastructure (PKI), which consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working together to enable people in various locations to establish trust through secure communications.  This Protection Profile (PP) describing security requirements for a Certification Authority is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well defined and described threats.

The PP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=404

 

Enterprise Session Controller Extended Package (ESC EP) Version 1.0 Published (04 November 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Enterprise Session Controller Extended Package (ESC EP), Version 1.0, to the Network Device collaborative Protection Profile (NDcPP). This EP describes the security functionality of a telecommunication switch where its primary function is to set up, process, and terminate voice & video calls over an enterprise-wide Internet Protocol (IP) network. The EP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=396        

MDF PP DoD Annexes Published (25 October 2016)

NIAP is pleased to announce that the DoD Annex for Mobile Device Fundamentals Protection Profile (MDF PP) v3.0 has been published to the NIAP Protection Profile website.  An updated version of the DoD Annex for MDF PP v2.0 has also been published .  These DoD Annexes are used to mandate specific PP selections, assignments, and security functional requirements to be fully compliant with DoD cybersecurity policies, and applies to all DoD-administered systems and all systems connected to DoD networks.           

Voice/Video over IP Extended Package Version 1.0 Published (11 October 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Voice/Video over IP  Extended Package (VVoIP EP), Version 1.0, to the Network Device collaborative Protection Profile (NDcPP) and Software Application Protection Provile (APP PP). This EP  describes the security functionality of a VVoIP endpoint.  The most notable additions are requirements for the call control protocol and streaming media protocol. The EP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=399     

Wireless Intrusion Detection/Prevention Extended Package (WIDS/WIPS EP), Version 1.0 Published (07 October 2016)

 

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Wireless Intrusion Detection/Prevention Extended Package (WIDS/WIPS EP), Version 1.0, to the Network Device collaborative Protection Profile (NDcPP). This EP is for products that provide network security administrators with the ability to monitor, collect, log, and react in real-time to potentially malicious network traffic. The EP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=395.

 

Session Border Controller Extended Package Version 1.1 Published (03 October 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Session Border Controller Extended Package (SBC EP), Version 1.1, to the Network Device collaborative Protection Profile (NDcPP). This EP includes updates and clarification to many requirements and assurance activities and adding the video component to Voice over IP. The EP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=405        

NIAP CCEVS Publication #6, Assurance Continuity: Guidance for Maintenance and Re-evaluation, v3.0 (20 September 2016)

NIAP CCEVS has updated their Publication #6, Assurance Continuity: Guidance for Maintenance and Re-evaluation, Version 3.0, and has published to the NIAP website. The updated publication can be found here:  https://www.niap-ccevs.org/Documents_and_Guidance/guidance_docs.cfm.

If you have any questions or concerns, please contact us at 410-854-4458 or by email niap@niap-ccevs.org.     

Mobile Device Fundamentals Protection Profile Version 3.0 Published (20 June 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile for Mobile Device Fundamentals, Version 3.0. The PP includes updates based on questions sent to the Technical Rapid Response Team, clarification to many requirements and assurance activities, mandating several objective requirements, adding several new objective requirements, and adding SFRs to support Bring Your Own Device (BYOD) Use Case. This PP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=381     

      

MACsec Ethernet Encryption Extended Package Version 1.2 Published (10 May 2016)

 

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the MACsec Ethernet Encryption Extended Package  Version 1.2.  The most notable change from Version 1.1 (March 2016) to Version 1.2 (May 2016) is that the requirement for eXtended Packet Numbering (XPN) was moved from required to optional and the assurance activity was updated to provide more detailed test procedures in accordance with TC feedback. All other changes were typographical.  Given the minimal changes, this version replaces the recently published Version 1.1 which has been sunset, effective immediately. 

 

Candidate iTC for Application Software (11 March 2016)

The CCDB Application Software Working Group has completed the Essential Security Requirements for Application Software. Information on how to join the candidate iTC can be found here:

http://www.commoncriteriaportal.org/communities/application_software.cfm

NIAP Progress Report Now Available (26 February 2016)

 

 

 

NIAP has released the 2015 Progress Report that documents significant accomplishments in all NIAP mission areas under the new evaluation scheme.

 

See the Report.

 

 

Secure Shell (SSH) Extended Package Published. (19 February 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Extended Package for Secure Shell (SSH). The SSH EP has been developed to extend the Protection Profiles for Application Software (AppPP), General-Purpose
Operating Systems (GPOSPP), or Mobile Device Management (MDM).

This EP serves to extend the PP baselines with additional SFRs and associated Assurance Activities specific to SSH clients and servers. It is expected that the content of this EP and the chosen base PP be appropriately combined in the context of each product-specific Security Target. It is expected that the content of this EP will be appropriately combined with the base PP to include selection-based requirements in accordance with the selections and/or assignments made, and any optional and/or objective components. An ST must identify the applicable version of the base PP and this EP in its conformance claims.  An ST must identify the applicable versions of the PP chosen and this EP in its conformance claims.

Wireless LAN Client Extended Package Published (11 February 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Wireless LAN Client Extended Package. The WLAN Client EP has been updated as an EP to either the General Purpose Operating System (OSPP) or the Mobile Device Fundamentals PP (MDF PP).


This EP extends the OS PP when the WLAN client is installed on an operating system that is evaluated against that PP. This EP extends the MDF PP when the WLAN client is installed on a self-contained mobile device evaluated against that PP.

As an EP of either the OS PP or the MDF PP, it is expected that the content of this EP and the chosen base PP be appropriately combined in the context of each product-specific Security Target. When this EP is used with the OS PP or MDF PP, conformant TOEs are obligated to implement the functionality required in those PPs with the additional functionality defined in this EP in response to the threat environment discussed subsequently herein. An ST must identify the applicable versions of the PP chosen and this EP in its conformance claims.

 

 

 

Call for Participants in WIDS Technical Community (08 February 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is inviting industry, government, end users, academic institutions, and labs with relevant technology expertise and research focus to participate in the Wireless Intrusion Detection System (WIDS) Technical Community (TC).  If you are interested in joining the technical community and participating in the development of a Protection Profile for this technology, contact NIAP/CCEVS at:
 
tc-wids-staff@niap-ccevs.org

Please provide the following information in the email:

     Name
     Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
     Address
     Telephone number
     Email address
     A brief statement of the qualifications/interest for participation

Intrusion Prevention Systems Version 2.1 Extended Package (EP) Published (28 January 2016)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of an updated Intrusion Prevention System (IPS) Extended Package (EP). The IPS EP has been updated as an EP to either the Network Device collaborative PP (NDcPP) or the Firewall collaborative PP (FWcPP). Upon review of both the NDcPP and the FWcPP, it was determined that all NDcPP SFRs are also in the FWcPP. The only changes made were to the front matter and to other references to the NDcPP.  The largest impact was that the EP introduced some new threats that are redundant with respect to the FWcPP so the SPD was updated to show that the EP can either address new threats (NDcPP case) or address existing threats in a more thorough manner (FWcPP). There was no direct impact to the SFRs in the EP.

Entropy Clarification and Process Guidance (02 December 2013)

In an effort to codify processes and expedite the timeline of evaluation, NIAP has published two guidance documents in relation to entropy.

The first document, Entropy Submission and Review Process, establishes a step-by-step procedure for submission, tracking, and documentation of entropy reviews. This process includes guidance to be used by all parties within the evaluation including the lab, evaluator, validator, and NIAP. It is expected in the future, NIAP will begin to automate these processes where each step may be completed electronically – resulting in a faster, more convenient entropy process.

The second document, Clarification to the Entropy Documentation and Assessment Annex, offers examples of how the US Scheme reviews the Entropy Assessment Report (EAR) for each entropy source type. The information provided within the document is meant to provide general guidance on entropy reporting and should not be considered a “check-list” for successful EAR documentation. Questions on this topic should be directed to the project validator or NIAP.

Assurance Activity Reporting Requirements (revised 27 November 2013) (20 November 2013)

We are revising this announcement to address some initial questions about this initiative:  NIAP is implementing a new standardized reporting procedure, effective 1 January 2014; to enable more timely and consistent completion of validation oversight and posting evaluated products on the Product Compliant List (PCL).  This also will give systems integrators valuable information about product configuration and testing, help to align Common Criteria evaluations with DISA Security Requirements Guides and Security Test Implementation Guides (SRGs/STIGs), and thereby reduce requirements and time for U.S. government procurement of validated products.  Additionally, standardized reporting will help NIAP revise and create more clear and objective assurance activities in the future while also supporting transparency and consistency among nations in the Common Criteria Recognition Arrangement.  

Initially this guidance applies only to the Network Device Protection Profile (NDPP).  We expect to issue similar guidance near term for all NIAP approved PPs.  Therefore, labs are encouraged but not required to submit assurance activity reports for all non-NDPP evaluations. The standardized set of information to be required for NIAP validation of NDPP-compliant products is being published as Reporting Requirements for NDPP Evaluations. This document outlines the required contents of the reports for the NIAP validation team (referred to in this document as the NDPP Evaluation Report (NER)).  This is a required deliverable in the check-out package in addition to the currently-mandated set of materials.  While a format is suggested by the document, other formats that present the content indicated are acceptable.  It should be noted that the focus of the evaluation effort is on the performance of the Assurance Activities, and thus the document focuses on the reporting documentation associated with those elements of the evaluation.  At this time, an ETR is still required for the purposes of Mutual Recognition under the Common Criteria Recognition Arrangement.

These revised reporting requirements apply to product developers and producers and testing labs.  The NDPP Evaluation Report will be made publically available for use by systems integrators and others who use or accredit systems that include CC evaluated products.

Evaluations starting on or after 1 January 2014 must follow this guidance. We strongly encourage ongoing evaluations to follow this guidance as it will expedite review of the check-out package.

Archiving of MFD (IEEE Std. 2600.2) Protection Profile (15 November 2013)

NIAP is working closely with the Japan IT Security Evaluation and Certification Scheme (JISEC, IPA Japan) and a Multifunction Printer Technical Community on a new Multi-National Protection Profile for MFPs. Therefore, NIAP is no longer accepting products for evaluation against the old standard, U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std. 2600.2™-2009). 

We appreciate your support and patience during this transition.  Although NIAP is no longer accepting evaluations against the Protection Profile, the IEEE Std. 2600.2™-2009 Protection Profile continues to be listed on the Common Criteria Portal (www.commoncriteriaportal.org).  For additional guidance regarding evaluation of products for which a NIAP-approved PP does not exist, pleases visit the see the following guidance.

We encourage interested vendors, end users, labs and other scheme representatives to join the MFP Technical Community and participate in completing the new protection profile as expeditiously as possible. If you are interested please send all requests to niap@niap-ccevs.org

Check-In Check-Out Guidance Published (13 November 2013)

NIAP has published guidance on the Check-In/Check-Out (CICO) process. Details of this process can be found at the bottom of the Guidance Documents Page (https://www.niap-ccevs.org/Documents_and_Guidance/guidance_docs.cfm)

CICOs are intended to promote valuable interaction between the CCTL (evaluator) and NIAP (validator) to ensure the product submitted has been properly prepared, reviewed and tested for a successful evaluation. Interaction between the evaluator and validator at the time of submission ensures the evaluation can proceed quickly and efficiently to completion.

CICO is an expedited process from the previous Validation Oversight Review (VOR) process and puts more responsibility on the CCTL to ensure the product is ready for evaluation when it is submitted to NIAP. All evaluations being conducted against NIAP-approved PPs must undergo the CICO process.

Any questions regarding the CICO process can be directed to niap@niap-ccevs.org.

Posting of the Mobility Protection Profiles (24 October 2013)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the publication of the Mobile Device Management Protection Profile, and revisions of the VoIP Applications and IPsec VPN Client Protection Profiles to better align with the mobility space.

In addition, NIAP, in collaboration with DISA, is pleased to announce the publication of the Mobile Device Fundamentals Protection Profile (PP).  This PP includes requirements for the hardware and software that make up the security foundations of the mobile device.  It is a joint requirements document that defines the threat environment, Common Criteria requirements, and a set of NIST SP 800-53 controls that DISA and NIAP collectively recognize as critical for mobile device technology.

In the coming weeks, DISA Field Security Operations will publish a companion document to the PP which addresses the DoD specificity to the NIST SP 800-53 controls identified. As a result, this PP and companion document serve as a single specification, within the DoD, that supersedes both the NIAP Mobile OS Protection Profile (2013-01-25) and the current DISA MOS SRG version 1, release 3. The publication of this protection profile does not eliminate the DoD need for a product specific Security Technical Implementation Guide (STIG); however, the results of the Common Criteria evaluation will be used to formulate a STIG.

NSA and DISA are working on a similar approach for the Mobile Device Management PP, and will have an update soon.

These PPs are a result of a collaborative effort between numerous vendors within the Mobility Technical Community and multiple Common Criteria Schemes. NIAP would like to personally thank all of those involved for their hard work and dedication during this effort!

Please see (www.niap-ccevs.org/pp) for the newly published Protection Profiles.

Test Case [This used to be blank for testing.] (08 April 2013)

You can now see events in a convenient log.

Revision of NIAP Policy #12 (26 March 2013)

NIAP has revised Policy #12 (Acceptance Requirements of a product for NIAP Evaluation). Please review the policy and refer to NIAP with any questions.

Mobile OS PP Updates (18 March 2013)

NIAP is currently in the process of updating the Mobile OS PP. Those vendors considering evaluation against this PP should first consult NIAP for information on how to proceed.

Posting of Software Full Disk Encryption Protection Profile (12 March 2013)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Software Full Disk Encryption Protection Profile.  This PP can be found here: http://www.niap-ccevs.org/pp/PP_SWFDE_v1.0/

Validation Oversight for Entropy Requirements in Network Device PP Evaluations (08 February 2013)

Guidance for validation oversight of FCS_RBG_EXT requirements has been posted on the PP_ND_v1.1 page.

Posting of Mobility Protection Profiles (28 January 2013)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Mobility Suite of Protection Profiles. These include VOIP Apps and Mobile OS. These PPs can be found here: http://www.niap-ccevs.org/pp/

Network Device Protection Profile (NDPP) Extended Package VPN Gateway PP (12 December 2012)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the completion of the VPN Gateway Extended Package.

General Purpose Operating System Protection Profile (11 December 2012)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the completion of the General-Purpose Operating System (GPOS) Protection Profile (PP). The development of the GPOS PP is a collaboration effort between the German Federal Office for Information Security (BSI) and NIAP. The GPOS PP is currently in the pre-publication process and will be available on NIAP's web portal within the next few weeks.

Mobile Device Management Technical Community Kick-Off (18 October 2012)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is inviting Industry, government, end users, academic institutions, and labs with relevant technology expertise and research focus to participate in the Mobile Device Management Technical Community (MDM TC). The kick-off meeting for this TC is scheduled on 6 November 2012 13:00 - 15:00 EST at the National Business Park, Annapolis Junction, Maryland.

If you are interested in joining this community, contact NIAP/CCEVS at TC_Mobility-mdm@niap-ccevs.org

Please provide the following information in the email:

  • Name
  • Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
  • Address
  • Telephone number
  • Email address
  • A brief statement of the qualifications for participation

Network Device Protection Profile Released (12 June 2012)

The NIAP Director is pleased to announce the release of Network Device Protection Profile (NDPP) Version 1.1.  This latest version was updated with comments from community review and application of product evaluations.   The NDPP describes a Network Device (defined to be an infrastructure device that can be connected to a network) and is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well defined and described threats. It represents an evolution of “traditional” Protection Profiles and the associated evaluation of the requirements contained within the document.

ESM - Policy Management Protection Profile (05 June 2012)

Enterprise Security Management – Policy Management: This protection profile focuses on access control policy definition and management. ESM Policy Management products (PMs) will allow ESM Policy Administrators to configure and manage Access Control products in order to determine how objects should be protected throughout the enterprise. The output of this administrative action will be the production and distribution of policies to Access Control products. PMs should also be able to control the basic behavior of these products such as what events they audit, where they store audited event data, and how they should operate in the event of a loss of communications with the PM.

Network Device Technical Community. (21 May 2012)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) held the kick-off meeting for the Network Device Technical Community on 31 May 2012.

If you are interested in joining this community and helping in the development of technical requirements, contact NIAP/CCEVS at TC_NetworkDevice_Staff@niap-ccevs.org and provide the information listed below for each potential participant: 

  • Name,
  • Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other,
  • Address,
  • Telephone Number,
  • Email address,
  • A brief statement of the qualifications for participation in the TC.

NIAP Brochure (09 March 2012)

pdf icon The  NIAP Brochure provides information related to NIAP and Reforming the Use the of Common Criteria.  Printing the Brochure double sided will allow the user to tri-fold the brochure for quick reference.

Technical Communities White Paper (06 March 2012)

NIAP has coordinated the production of a white paper (Technical Communities: A Collaborative Approach for Protection Profile Development) outlining our initial efforts focused on the organizational aspects of building a vibrant and collaborative set of Technical Communities to develop, maintain and manage Protection Profiles (PPs) in support of NIAP’s goals.

NIAP Evolution (28 November 2011)

The NIAP evolution continues to progress, with several important updates anticipated in the near term. These updates will provide specific details about various aspects of the transition. The overall goal of the changes in NIAP is Achievable, Repeatable, and Testable evaluation results.

Look for upcoming information regarding the NIAP evolution, including:

  • Updated NIAP Policy 12 “Acceptance Requirements of a Product for CCEVS Validations” – updates the current policy and includes requirements for evaluation against NIAP approved Protection Profiles;
  • PP Transition announcement – defines the transition to NIAP-approved PPs and product end of life/maintenance information;
  • National Security System (NSS) Acquisition announcement – proposed criteria for products to be listed on NIAP’s Product Compliant List (PCL) and for acquisition of COTS products to be used on NSS or to protect NSS information;
  • Product End of Life/Maintenance announcement – provides milestones for implementation of the NIAP End of Life/Maintenance process, including information about how previously evaluated products must comply; and
  • New NIAP Cryptographic Policy - defines the relationship between the cryptographic requirements of a Target of Evaluation (TOE) in evaluation and the verification of those requirements through activities performed by the NIST Cryptographic Algorithm Validation Program (CAVP)/ Cryptographic Module Validation Program (CMVP).
Site Map              Contact Us              Home