The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the PP-Module for MACsec Ethernet Encryption V1.0.  This was a minor update to align with Network Device cPP v2.2e, add updates requested by the Australian Certification Authority, supports the conversion to PP-Module, and incorporates all applicable NIAP Technical Decisions. This will complete the conversion to PP-Modules for all Extended Packages using ND cPP as a base.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce it has endorsed the collaborative Protection Profile (cPP) Module for Biometrics, Version 1.1 and published the cPP-Module and Supporting Document to the NIAP-Approved PP List. This endorsement is a formal statement that products successfully evaluated against PP-Configurations which include the cPP-Module that demonstrate exact conformance to the PP-Configuration, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List (PCL).

The National Information Assurance Partnership, Canadian Common Criteria Scheme, and Australian Certification Authority have issued a joint position statement in support of the CC in the Cloud Working Group and its CC in the Cloud Essential Security Requirements (ESR), v0.3, dated 2 March 2022.

The Position Statement is posted on the NIAP website on its Publications page and can be found here: https://www.niap-ccevs.org/MMO/GD/CC%20in%20the%20Cloud%20Position%20Statement%20v1.0.pdf

The ESR is posted on the CC in the Cloud Working Group's github page and can be found here: https://github.com/CC-in-the-Cloud/Admin/blob/Working/ESR/CC_in_the_Cloud_ESR.pdf

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the development of a Protection Profile for Software Defined Network (SDN) Controller. Members of this Technical Community are expected to provide technical input to the development of a Protection Profile for a baseline set of Security Functional Requirements (SFRs) for products that implement SDN Controller.

All interested parties should contact NIAP/CCEVS at tc-sdn-staff@niap-ccevs.org, providing the information listed below for each potential participant: 

 • Name 

 • Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)  

 • Telephone number 

 • Email address 

 • A brief statement of the qualifications for participation in the TC

NIAP plans to hold the Kick-Off meeting on 26 October 2021 at 1100 Eastern. We look forward to your participation!

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of the Technical Community (TC) for the update of the Wireless Intrusion Detection System (WIDS) Extended Package.  Members of this TC are expected to provide technical input to update requirements that need more clarity and support the development of additional requirements to align with the Capability Package (CP) Annex for WIDS in support of wireless monitoring efforts.

Please note: If you are already a member of this Technical Community, there is no need to re-apply.
 
All interested parties should contact NIAP/CCEVS at tc-wids-staff@niap-ccevs.org, providing the information listed below for each potential participant:

    Name
    Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
    Telephone number
    Email address
    A brief statement of the qualifications for participation in the TC

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the PP-Module for File Encryption, Version 1.0 and PP-Module for File Encryption Enterprise Management, Version 1.0. The PP-Module for File Encryption replaces the Extended Package for Software File Encryption Version 1.0 and includes Technical Decisions (TDs) resulting from prior completed evaluations and other updates. The PP-Module for File Encryption Enterprise Management expands the File Encryption use case to protecting the communications between the Enterprise Management Server and the client device and includes optional abilities of the EM to interact with clients (with proper authorization).

The PP-Modules may be found here: https://www.niap-ccevs.org/Profile/PP.cf

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the development of a Protection Profile for Software Defined Network (SDN) Controller. Members of this TC are expected to provide technical input to the development of a Protection Profile for a baseline set of Security Functional Requirements (SFRs) for products that implement SDN Controller.

All interested parties should contact NIAP/CCEVS at tc-sdn-staff@niap-ccevs.org, providing the information listed below for each potential participant: 

• Name 

• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)  

• Telephone number 

• Email address 

• A brief statement of the qualifications for participation in the TC

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the update of the Protection Profile for Mobile Device Management.  Members of this TC are expected to provide technical input to the development of a Protection Profile update containing the baseline Security Functional Requirements (SFRs) for Mobile Device Management. 

Please note: If you are already a member of this Technical Community, there is no need to re-apply.

All interested parties should contact NIAP/CCEVS at tc-mobility-staff@niap-ccevs.org, providing the information listed below for each potential participant:

• Name

• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other) 

• Telephone number

• Email address

• A brief statement of the qualifications for participation in the TC

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the PP-Module for Virtual Private Network (VPN) Clients Version 2.1.  Minor updates were made to convert the predecessor VPN Client Extended Package v2.0 to a PP-Module in accordance with the recently published CC Version 3.1 R5.  Given the minimal changes, this version replaces Version 2.0 which will be sunset on December 26, 2017 to coincide with its predecessor's sunset date.

The DoD Annex for the Mobile Device Fundamentals Protection Profile (MDF PP) v3.1 has been published to the NIAP Protection Profile website.  This DoD Annex is used to mandate specific PP selections, assignments, and security functional requirements to be fully compliant with DoD cybersecurity policies, and applies to all DoD-administered systems and all systems connected to DoD networks.                  

NIAP has endorsed the Network Device collaborative Protection Profile v2.0 (NDcPP v2.0) and published the cPP and Supporting Documents to the NIAP Approved PP List.  This endorsement is a formal statement that products successfully evaluated against the ND cPP that demonstrate exact conformance to the cPP, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List.  The updated NDcPP v2.0 allows for evaluation of devices that are suitable for the use cases identified in the ND cPP, to include distributed network devices.    

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the VPN Client Extended Package (VPN Client EP), Version 2.0.  The EP extends the GPOS PP when the VPN client is installed on an operating system (e.g., Windows, Mac OS, Linux),  the MDF PP when the VPN client is installed on a self-contained mobile device that is bundled with an operating system (e.g. Android, BlackBerry OS, iOS, Windows Mobile),  and the App PP when the VPN client is provided by a third party and is a standalone application that is not a bundled part of an operating system or mobile device. This EP describes the security functionality of a software application that runs on a physical or virtual host platform, used to establish a secure IPsec connection between that host platform and a remote system.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Mobile Device Fundamentals Protection Profile version 3.1 (MD PP v3.1).  Updates were made to modify several biometric requirements and to incorporate all applicable NIAP Technical Decisions. Given the minimal changes, this version replaces Version 3.0, which will be sunsetted next month.

Please follow the link for more information:

https://www.niap-ccevs.org/Profile/Info.cfm?id=417

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Intrusion Prevention Systems (IPS) Extended Package (EP) Version 2.11.  Updates were made to address minor issues found during the validation of the EP and to incorporate all applicable NIAP Technical Decisions. Given the minimal changes, this version replaces Version 2.1 which has been sunset, effective immediately.

The FDE iTC has released the draft Enterprise Management module for public review.  Please visit the FDE Technical Community page to review the draft and related comment forms.  The public comment period will close on Friday, 26 May 2017.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community for the update of the File Encryption Extended Profile (EP).  Members of this TC are expected to provide technical input to update the EP to include requirements for enterprise management and update the requirements for multi-user support.

All interested parties should contact NIAP/CCEVS at tc-file-staff@niap-ccevs.org, providing the information listed below for each potential participant:

• Name
• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
• Telephone number
• Email address
• A brief statement of the qualifications for participation in the TC
• In addition, if there are other issues recommended to include for this update, please provide a brief description for consideration.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community for the update of the Peripheral Sharing Switch Protection Profile version 3.0. Members of this TC are expected to provide technical input to update the Protection Profile for products that provide a PSS capability.

All interested parties should contact NIAP/CCEVS at tc-pss-staff@niap-ccevs.org, providing the information listed below for each potential participant:

• Name

• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other) 

• Telephone number

• Email address

• A brief statement of the qualifications for participation in the TC

NIAP plans to hold the Kick-Off meeting on Wednesday, 15 March 2017.  We look forward to your participation!       

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a technical community for the development of a protection profile for TLS Inspection products. Members of this TC are expected to provide technical input to the development of Protection Profile for products that provide a TLS inspection capability.

All interested parties should contact NIAP/CCEVS at tc-tlsi-staff@niap-ccevs.org, providing the information listed below for each potential participant: 

• 

Name 

• 

Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)  

• 

Telephone number 

• 

Email address 

• 

A brief statement of the qualifications for participation in the TC

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile for Mobile Device Management, Version 3.0 (MDM PP v3.0) and MDM Agents Extended Package, Version 3.0 (MDM Agent EP v3.0). This PP/EP includes updates based on questions sent to the Technical Rapid Response Team, clarification to many requirements and assurance activities, and adding SFRs to support Bring Your Own Device (BYOD) Use Case. This PP/EP can be found here:  https://www.niap-ccevs.org/Profile/PP.cfm      

An updated version of the DoD Annex for the Mobile Device Management Protection Profile (MDM PP) v2.0 and MDM Agent PP v2.0 has been published to the NIAP Protection Profile website.  These DoD Annexes are used to mandate specific PP selections, assignments, and security functional requirements to be fully compliant with DoD cybersecurity policies, and applies to all DoD-administered systems and all systems connected to DoD networks.     

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile for Virtualization (Base) Version 1.0, the Protection Profile for Virtualization Extended Package – Server Virtualization Version 1.0 and the Protection Profile for Virtualization Extended Package – Client Virtualization Version 1.0. 

A Virtualization System (VS) is a software product that enables multiple independent computing systems to execute on the same physical hardware platform without interference from one other. A VS creates a virtualized hardware environment (virtual machines or VMs) for each instance of an operating system permitting these environments to execute concurrently while maintaining isolation and the appearance of exclusive control over assigned computing resources. For the purposes of this document, the VS consists of a Virtual Machine Manager (VMM), Virtual Machine (VM) abstractions, a management subsystem, and other components.

The requirements defined in the generic ‘base’ PP are based on the high degree of similarity between Server Virtualization and Client Virtualization capabilities.  A product must be evaluated against either the Server Virtualization EP or Client Virtualization EP in conjunction with the base Virtualization PP; a product may not be evaluated solely against the base Virtualization PP  or either of the EPs.    

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Certificate Authorities Protection Profile version 2.0.   A CA system is an entity that issues and manages public-key certificates and is the primary component of a public key infrastructure (PKI), which consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working together to enable people in various locations to establish trust through secure communications.  This Protection Profile (PP) describing security requirements for a Certification Authority is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well defined and described threats.

The PP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=404

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Enterprise Session Controller Extended Package (ESC EP), Version 1.0, to the Network Device collaborative Protection Profile (NDcPP). This EP describes the security functionality of a telecommunication switch where its primary function is to set up, process, and terminate voice & video calls over an enterprise-wide Internet Protocol (IP) network. The EP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=396        

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Voice/Video over IP  Extended Package (VVoIP EP), Version 1.0, to the Network Device collaborative Protection Profile (NDcPP) and Software Application Protection Provile (APP PP). This EP  describes the security functionality of a VVoIP endpoint.  The most notable additions are requirements for the call control protocol and streaming media protocol. The EP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=399     

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Session Border Controller Extended Package (SBC EP), Version 1.1, to the Network Device collaborative Protection Profile (NDcPP). This EP includes updates and clarification to many requirements and assurance activities and adding the video component to Voice over IP. The EP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=405        

NIAP CCEVS has updated their Publication #6, Assurance Continuity: Guidance for Maintenance and Re-evaluation, Version 3.0, and has published to the NIAP website. The updated publication can be found here:  https://www.niap-ccevs.org/Documents_and_Guidance/guidance_docs.cfm.

If you have any questions or concerns, please contact us at 410-854-4458 or by email niap@niap-ccevs.org.     

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile for Mobile Device Fundamentals, Version 3.0. The PP includes updates based on questions sent to the Technical Rapid Response Team, clarification to many requirements and assurance activities, mandating several objective requirements, adding several new objective requirements, and adding SFRs to support Bring Your Own Device (BYOD) Use Case. This PP can be found here: https://www.niap-ccevs.org/Profile/Info.cfm?id=381     

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the MACsec Ethernet Encryption Extended Package  Version 1.2.  The most notable change from Version 1.1 (March 2016) to Version 1.2 (May 2016) is that the requirement for eXtended Packet Numbering (XPN) was moved from required to optional and the assurance activity was updated to provide more detailed test procedures in accordance with TC feedback. All other changes were typographical.  Given the minimal changes, this version replaces the recently published Version 1.1 which has been sunset, effective immediately. 

A call for participants in the international Technical Community (iTC) to develop a collaborative Protection Profile (cPP) for Dedicated Security Components (DSC) has been posted to the Common Criteria Portal: https://www.commoncriteriaportal.org/communities/dedicated_security_components.cfm.

To join the iTC, please email: iTC-DSC@niap-ccevs.org.

The kick-off teleconference will be held on Friday April 29th, at 7:00 a.m. EDT.

NIAP encourages end users, industry partners, and other interested parties to join the iTC.     

Effective January 2016, the random number/bit generators specified in ANSI X9.31 and DUAL_EC_DRBG are disallowed for the US government. NIST provided notice in SP 800-131A, dated January 2011, and SP 800-131A Revision 1, dated November 2015 about the January 2016 effective date.  As a result, NIAP is no longer posting products using the ANSI X9.31 RNG and/or DUAL_EC_DRBG to the Product Compliant List (PCL). In addition, NIAP is reviewing each product on the PCL  affected by the NIST transition.  Products which only utilize a disallowed RNG will be archived immediately and vendors will be notified. For products which employ multiple RNG/DBRGs, vendors will be given a 30-day timeframe to determine, and submit an Impact Analysis Report (IAR),  if their product may be updated through NIAP's Assurance Continuity process.

The CCDB Application Software Working Group has completed the Essential Security Requirements for Application Software. Information on how to join the candidate iTC can be found here:

http://www.commoncriteriaportal.org/communities/application_software.cfm

NIAP has released the 2015 Progress Report that documents significant accomplishments in all NIAP mission areas under the new evaluation scheme.

See the Report.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Extended Package for Secure Shell (SSH). The SSH EP has been developed to extend the Protection Profiles for Application Software (AppPP), General-Purpose
Operating Systems (GPOSPP), or Mobile Device Management (MDM).

This EP serves to extend the PP baselines with additional SFRs and associated Assurance Activities specific to SSH clients and servers. It is expected that the content of this EP and the chosen base PP be appropriately combined in the context of each product-specific Security Target. It is expected that the content of this EP will be appropriately combined with the base PP to include selection-based requirements in accordance with the selections and/or assignments made, and any optional and/or objective components. An ST must identify the applicable version of the base PP and this EP in its conformance claims.  An ST must identify the applicable versions of the PP chosen and this EP in its conformance claims.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Wireless LAN Client Extended Package. The WLAN Client EP has been updated as an EP to either the General Purpose Operating System (OSPP) or the Mobile Device Fundamentals PP (MDF PP).

This EP extends the OS PP when the WLAN client is installed on an operating system that is evaluated against that PP. This EP extends the MDF PP when the WLAN client is installed on a self-contained mobile device evaluated against that PP.

As an EP of either the OS PP or the MDF PP, it is expected that the content of this EP and the chosen base PP be appropriately combined in the context of each product-specific Security Target. When this EP is used with the OS PP or MDF PP, conformant TOEs are obligated to implement the functionality required in those PPs with the additional functionality defined in this EP in response to the threat environment discussed subsequently herein. An ST must identify the applicable versions of the PP chosen and this EP in its conformance claims.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of an updated Intrusion Prevention System (IPS) Extended Package (EP). The IPS EP has been updated as an EP to either the Network Device collaborative PP (NDcPP) or the Firewall collaborative PP (FWcPP). Upon review of both the NDcPP and the FWcPP, it was determined that all NDcPP SFRs are also in the FWcPP. The only changes made were to the front matter and to other references to the NDcPP.  The largest impact was that the EP introduced some new threats that are redundant with respect to the FWcPP so the SPD was updated to show that the EP can either address new threats (NDcPP case) or address existing threats in a more thorough manner (FWcPP). There was no direct impact to the SFRs in the EP.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the SIP Server Version 2.0, the VPN Gateways Version 2.0, and the Intrusion Prevention Systems Version 2.0 Extended Packages (EPs).  These EP's have been updated to reflect changes to the base PP as a result of the transition from the Network Device Protection Profile (NDPP) to the Network Device collaborative PP (NDcPP). These updated versions do not include larger technical/scope changes, only the changes necessary to align with the NDcPP. The Security Requirements for NDcPP defines the baseline Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) for network infrastructure devices in general. These EP's serve to extend the NDcPP baseline with additional SFRs and associated ‘Assurance Activities’ specific to each technology.

NIST has worked with NIAP to update FIPS 140-2 Annex B, taking into account the large investment companies have made in evaluating their products under Common Criteria and properly balancing this against the needs of federal users for higher security assurances from COTS products provided by higher level FIPS 140-2 validations.

Annex B is located here: http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexb.pdf

NIAP strives to increase assurance in National Security Systems through the use of commercial IT products evaluated against NIAP approved Protection Profiles which are based on international standards for IT security.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the MACsec Ethernet Encryption Extended Package v1.0.  The Security Requirements for Network Devices in the Network Device (ND) collaborative Protection Profile (cPP), version 1.0,  defines the baseline Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) for network devices in general. This new Extended Package extends the ND cPP baseline with additional SFRs and associated assurance activities specific to MACsec Ethernet Encryption.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is inviting industry, government, end users, academic institutions, and labs with relevant technology expertise and research focus to participate in the following Technical Communities (TCs).  If you are interested in joining the technical community and participating in the development of Protection Profiles for these technologies, contact NIAP/CCEVS at:
 
Client Virtualization     tc-virtualization-staff@niap-ccevs.org
Redaction     tc-redaction-staff@niap-ccevs.org

Please provide the following information in the email:

     Name
     Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
     Address
     Telephone number
     Email address
     A brief statement of the qualifications/interest for participation

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is inviting industry, government, end users, academic institutions, and labs with relevant technology expertise and research focus to participate in the following Technical Communities (TCs).  If you are interested in joining a technical community and participating in the development of Protection Profiles for these technologies, please contact NIAP/CCEVS at:

     Secure Shell (SSH)    tc-ssh-staff@niap-ccevs.org

     VPN Client    tc-vpnclient-staff@niap-ccevs.org

Please provide the following information in the email:

     Name
     Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
     Address
     Telephone number
     Email address
     A brief statement of the qualifications/interest for participation

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Authentication Server Extended Package v1.0.  The Security Requirements for the Network Device (ND) collaborative Protection Profile (cPP), version 1.0, defines the baseline Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) for network devices in general. The Security Requirements for the Application Software Protection Profile (App PP) defines the baseline Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) for application software in general. This Extended Package serves to complement the NDcPP or the App PP with additional SFRs and associated Assurance Activities specific to the authentication server.

 The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Session Border Controller Extended Package v1.0.  The Security Requirements for Network Devices in the Network Device (ND) collaborative Protection Profile (cPP), version 1.0,  defines the baseline Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) for network devices in general. This new Extended Package extends the ND cPP baseline with additional SFRs and associated assurance activities specific to Session Border Controllers.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) and DISA Risk Management Executive (RME) Office are pleased to announce the publication of the DoD Annex to the Collaborative Protection Profile (cPP) for Stateful Traffic Filter Firewalls v1.0. This document, created through DISA/NIAP collaboration, addresses the DoD specificity to the NIST SP 800-53 controls identified in the cPP. As a result, the Annex in conjunction with the cPP serves as a single specification, within the DoD, for security of Stateful Traffic Filter Firewalls and supersedes any current DISA SRGs related to this technology. The publication of the Annex does not eliminate the DoD need for a product-specific Security Technical Implementation Guide (STIG); however, the results of the Common Criteria evaluation will be used to formulate a STIG. The benefit of this approach is that at the conclusion of a successful NIAP evaluation, a vendor's product will be certified as meeting the requisite NIST SP 800-53 controls and the information needed for a STIG will be available.

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) and DISA Risk Management Executive (RME) Office are pleased to announce the publication of the DoD Annexes to the NIAP Protection Profiles for Application Software v1.1, Mobile Device Fundamentals v2.0, Extended Package for Mobile Device Management Agents v2.0, and Mobile Device Management v2.0. These documents, created through DISA/NIAP collaboration, addresses the DoD specificity to the NIST SP 800-53 controls identified in the Protection Profiles. As a result, the Annex in conjunction with the PPs serves as a single specification, within the DoD, for security of the related technology and supersedes any current DISA SRGs related to those technologies. The publication of the Annexes do not eliminate the DoD need for a product-specific Security Technical Implementation Guide (STIG); however, the results of the Common Criteria evaluations will be used to formulate a STIG. The benefit of this approach is that at the conclusion of a successful NIAP evaluation, a vendor's product will be certified as meeting the requisite NIST SP 800-53 controls and the information needed for a STIG will be available.

You can now see events in a convenient log.

• 
  Australia/New Zealand
• 
  Canada
• 
  United Kingdom