NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Product Compliant List

The following products, evaluated and granted certificates by the NIAP/CCEVS or under CCRA partnering schemes, comply with the requirements of the NIAP program and where applicable, the requirements of the Federal Information Processing Standard (FIPS) Cryptographic validation program(s). Products on the PCL are evaluated and accredited at licensed/approved evaluation facilities for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408). U.S. Customers (designated approving authorities, authorizing officials, integrators, etc.) may treat these mutually-recognized evaluation results as complying with the Committee on National Security Systems Policy (CNSSP) 11 National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology (IT) Products - dated June 2013 (

NIAP embraces the CCRA Management Committee Vision Statement for the future direction of the application of the CC and the CCRA. We are transitioning to an evaluation paradigm that produces achievable, testable, and repeatable evaluation results. Achieving success in the CCRA evolution requires a transition to Protection Profile compliance and a move away from EALs. This strengthens evaluations by focusing on technology specific, tailored assurance requirements. The list of products in the following portion of the list (not those listed in the VPL) are evaluated under the new Protection Profile paradigm against a NIAP-approved PP. This includes a collection of assurance activities tailored to the technology with no EAL assigned – hence the conformance claim is "PP".