NIAP: Scheme Policy Letters
NIAP/CCEVS
  NIAP  »»  Resources  »»  Scheme Policy Letters  
Scheme Policy Letters

The following CCEVS guidance documents are currently available. Comments on any scheme publication can be forwarded to niap@niap-ccevs.org.

Current Policy Letters
   #     Title Date
This list was generated on Monday, 2024.03.18 at 2302.
001 Appropriateness of Language in Security Targets (ST), Assurance Activity Reports (AARs), Product Compliant List (PCL) Entries, Validation Reports (VR), and Any Other Publicly Available Evaluation Documentation 2014.08.29
004 Inactive Evaluations 2010.01.12
005 Applicability and Relationship of NIST Cryptographic Algorithm Validation Program (CAVP) and Cryptographic Module Validation Program (CMVP) to NIAP’s Common Criteria Evaluation and Validation Scheme (CCEVS) 2019.12.06
011 Candidate CCTL Policy 2010.01.12
012 Acceptance Requirements of a Product for NIAP Evaluation 2014.08.29
017 Effects of Vulnerabilities in Evaluated Products 2014.08.29
018 Time Limits on NIAP Evaluations 2014.02.19
024 Posting Administrative Guidance Documents on the NIAP Product Compliant List 2015.08.06
025 Terminated Evaluations: Limitations and Restrictions 2016.03.16
026 Limitation to Acceptance of a Product for NIAP Evaluation and Posting on the NIAP PCL 2019.03.20
027 Withdrawn Evaluations: Limitations and Restrictions 2019.07.02
028 Use of evaluated Dedicated Security Components (DSCs) in Common Criteria Evaluation and Validation Scheme (CCEVS) evaluations 2020.12.04
029 Certificate Maintenance Length for CCEVS Evaluations 2023.03.31
030 Use of SBOMs in NIAP Common Criteria Evaluations 2024.03.01
Superseded or Outdated Policy Letters
   #     Title Date
This list was generated on Monday, 2024.03.18 at 2302.
001 Language in STs, ETRs, VPL, & VRs 2010.01.12
002 Reuse of Previous Evaluation Results & Evidence 2002.03.04
003 Target of Evaluation Security Targets Claiming Conformance to Protection Profiles 2008.09.08
004 Inactive Evaluations 2008.09.08
005 Applicability and Relationship of NIST Cryptographic Algorithm Validation Program (CAVP) and Cryptographic Module Validation Program (CMVP) to NIAP’s Common Criteria Evaluation and Validation Scheme (CCEVS). 2018.06.25
006 Location of CCTL Evaluation Testing Activities 2003.10.20
007 Evaluation Conflict of Interest 2004.11.22
008 Rules for Component Evaluations under CCEVS 2005.03.01
009 Crypto in Common Criteria Evaluations 2005.06.13
010 Acceptance of Security Targets (STs) Into NIAP CCEVS Evaluation 2010.01.22
011 Candidate CCTL Policy 2008.09.08
012 Acceptance Requirements of a Product for CCEVS Evaluation 2011.12.08
013 Acceptable TOEs for Evaluation 2007.05.24
014 Requirements for Committing NSA Resources to CCEVS Evaluations 2006.04.21
015 Mandatory Inclusion of Audit Generation Functionality in TOEs 2008.09.08
016 Validator Oversight Review (VOR) Scheduling Priorities 2010.01.12
017 Effects of Vulnerabilities in Evaluated Products 2010.01.12
018 Time Limits on CCEVS Evaluations 2010.01.12
019 Requirements for Evaluations with Components above Evaluated Assurance Level (EAL) 4 2008.09.08
020 NIAP policy for the use of IEEE Multifunction Function Device Protection Profiles (IEEE 2600.1 and IEEE 2600.2) 2010.11.15
021 NIAP Evaluated Product Assurance Maintenance - Products with Evaluation Assurance Level (EAL) Claims 2014.10.20
022 NIAP Evaluated Product Assurance Maintenance - Protection Profile Compliant Products 2014.10.20
023 NIAP evaluation of IEEE 802.11 wireless products 2014.11.04
Site Map              Contact Us              Home