The National Information Assurance Partnership (NIAP) is introducing an initiative to form Technical Communities (TCs) for the development of Protection Profiles (PPs). A key goal for the TCs is to ensure that PPs are generated as the result of collaboration between Government, industry, and academia. The near-term goal is to stand up TCs to develop NIAP-approved PPs, with the future goal of acceptance of the Technical Community concept by the international CCRA community.
This approach differs from what has been done for PPs in the past. Under the new approach, Subject Matter Experts (SMEs) within the TC are empowered to make decisions about PP content. Threat information will be provided by domain experts, and Security Functional Requirements (SFRs) and threats will be tightly integrated: only those capabilities supporting government needs or required to counter technology-specific threats will be included as SFRs in the PP. Objective assurance activities will be carefully crafted by SMEs from various TCs in an effort to generate reproducible results from the evaluation methodology consistently across labs and evaluators, to ensure security assurance requirements (SARs) are appropriate for the technology and the government's needs, and to produce results that can be compared across technology areas.
Technical Community Purpose and Approach:
TCs are intended to be Government/Industry/Academia partnerships formed for the purposes of:
- developing, managing, and maintaining PPs to support evaluations of specific categories of technology,
- influencing the evolution of identified technologies to ensure they are able to satisfy US government protection needs in the face of changing threats, and
- ensuring PP content supports a process that is objective, efficient, yields repeatable results, and produces outcomes that have relevance and added-value to the operational user community.
TCs will be responsible for the following PP content:
- A set of technology-specific threats,
- The minimal security functionality sufficient to mitigate the identified threats, and
- A collection of assurance activities tailored to the technology and covering each functional requirement. These activities are to be objective, measurable, repeatable, effective, and scoped such that they can be completed within a reasonable timeframe.
NIAP Technical Communities Organization Overview:
The Steering Committee (SC) facilitates the work of individual Technical Communities and performs oversight of all TCs.
The Steering Committee has responsibility for forming and overseeing the Technical Communities to ensure consistency and completeness of the PPs developed by each Community. The Steering Committee is the approving authority for PPs developed by the TCs. Initially, NIAP will largely fulfill the role of the Steering Committee until the formation process is mature. Over time, however, it is envisioned that the Steering Committee could evolve to include other partners.
As illustrated, the Technical Communities are composed of representatives from a broad range of affiliations, so that the resultant PPs benefit from knowledge contributed from a variety of perspectives and contain effective and relevant technology content.
The guiding principles of the organization (SC and TCs) are:
Calls for participants for each Technical Community (TC) are sent to industry, government, end users, academic institutions, and labs as announcements posted on the NIAP website. All interested parties wanting to participate in any TC should provide the following information to the aliases below:
| Technical Community | E-mail alias |
|---|---|
| Application Software | TC-App-Staff@niap-ccevs.org |
| Authentication Server | TC-AuthSvr-Staff@niap-ccevs.org |
| Certificate Authority | TC-Certificate-Authority-Staff@niap-ccevs.org |
| E-mail Client | TC-Email-Staff@niap-ccevs.org |
| Enterprise Security Management (ESM) | TC-ESM-Staff@niap-ccevs.org |
| Enterprise Session Controller (ESC) | TC-ESC-Staff@niap-ccevs.org |
| Ethernet Encryption | TC-Ethernet-Staff@niap-ccevs.org |
| General Purpose Computing Platform (GPCP) | TC-GPCP-Staff@niap-ccevs.org |
| Mobility | TC-Mobility-Staff@niap-ccevs.org |
| Multi-function Printer | TC-MFP-Staff@niap-ccevs.org |
| Operating Systems Fundamentals | TC-OS-Staff@niap-ccevs.org |
| Peripheral Sharing Switch | TC-PSS-Staff@niap-ccevs.org |
| Privileged Access Management (PAM) | TC-PAM-Staff@niap-ccevs.org |
| Session Border Control | TC-SBC-Staff@niap-ccevs.org |
| Software Defined Network (SDN) Controller | TC-SDN-Staff@niap-ccevs.org |
| Software File Encryption | TC-File-Staff@niap-ccevs.org |
| SSL/TLS Inspection | TC-TLSI-Staff@niap-ccevs.org |
| Transport Layer Security (TLS) | TC-TLS-Staff@niap-ccevs.org |
| Video/Voice over IP (VVOIP) | TC-vVOIP-Staff@niap-ccevs.org |
| Virtualization Server | TC-Virtualization-Staff@niap-ccevs.org |
| VPN Client | TC-VPNClient-Staff@niap-ccevs.org |
| VPN Gateway | TC-VPNGW-Staff@niap-ccevs.org |
| Web Browser | TC-Web-Staff@niap-ccevs.org |
| Wireless Intrusion Detection System (WIDS) | TC-Wids-Staff@niap-ccevs.org |
| WLAN | TC-WLAN-Staff@niap-ccevs.org |
For more information on International Technical Communities (iTCs), please visit the pages below:
| International Technical Community | Page |
|---|---|
| Application Software | Common Criteria Website |
| Dedicated Security Components | Common Criteria Website |
| Full Disk Encryption | Common Criteria Website |
| Network Fundamentals and Firewalls | Common Criteria Website |
| USB Portable Storage Devices | Common Criteria Website |
For a comprehensive list of NIAP Protection Profiles in development, please see the Protection Profiles in Development page. Any parties interested in participating in one of these communities are welcome to contact NIAP directly for more information.