NIAP: NIAP Technical Communities
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  NIAP Technical Communities  
NIAP Technical Communities

The National Information Assurance Partnership (NIAP) is introducing an initiative to form Technical Communities (TCs) for the development of Protection Profiles (PPs). A key goal for the TCs is to ensure that PPs are generated as the result of collaboration between Government, industry, and academia. The near term goal is to stand up TCs to develop NIAP-approved PPs with the future goal of acceptance of the Technical Community concept by the international CCRA community. This approach differs from what has been done for PPs in the past. Under the new approach, Subject Matter Experts (SMEs) within the TC are empowered to make decisions about PP content. Threat information will be provided by domain experts, and Security Functional Requirements (SFRs) and threats will be tightly integrated – only those capabilities supporting government needs or required to counter technology-specific threats will be included as SFRs in the PP. Objective assurance activities will be carefully crafted by SMEs from various TCs in an effort to generate reproducible results from the evaluation methodology consistently across labs and evaluators, to ensure security assurance requirements (SARs) are appropriate for the technology and the government’s needs, and to produce results that can be compared across technology areas.

Technical Community Purpose and Approach:

TCs are intended to be Government/Industry/Academia partnerships formed for the purposes of:

  • developing, managing, and maintaining PPs to support evaluations of specific categories of technology,
  • influencing the evolution of identified technologies to ensure they are able to satisfy US government protection needs in the face of changing threats, and
  • ensuring PP content supports a process that is objective, efficient, yields repeatable results, and produces outcomes that have relevance and added-value to the operational user community.

TCs will be responsible for the following PP content:

  • A set of technology-specific threats,
  • The minimal security functionality sufficient to mitigate the identified threats, and
  • A collection of assurance activities tailored to the technology and covering each functional requirement. These activities are to be objective, measurable, repeatable, effective, and scoped such that they can be completed within a reasonable timeframe.

NIAP Technical Communities Organization Overview:

NIAP Technical Communities Organization Overview

The Steering Committee (SC) facilitates the work of individual Technical Communities and performs oversight of all TCs.

The Steering Committee has responsibility for forming and overseeing the Technical Communities to ensure consistency and completeness of the PPs developed by each Community. The Steering Committee is the approving authority for PPs developed by the TCs. Initially, NIAP will largely fulfill the role of the Steering Committee until the formation process is mature. Over time, however, it is envisioned that the Steering Committee could evolve to include other partners.

As illustrated, the Technical Communities are comprised of representatives from a broad range of affiliations such that the resultant PPs benefit from knowledge contributions that come from a variety of perspectives to produce effective and relevant technology content.

The guiding principles of the organization (SC and TCs) are:

  • Consistency
  • Transparency
  • Collaboration
  • Scalability
  • Improved "time to market"
  • Leverages industry expertise
  • International participation
  • Collective ownership of the process

Calls for participants for each Technical Community (TC) are sent to industry, government, end users, academic institutions, and labs as announcements posted on the NIAP website. All interested parties wanting to participate in any TC should provide the following information to the aliases below:

  • Name
  • Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
  • Address
  • Telephone number
  • Email address
  • A brief statement of the qualifications for participation in the TC
For Application Software alias: TC-App-Staff@niap-ccevs.org
For Authentication Server alias: TC-AuthSvr-Staff@niap-ccevs.org
For Bluetooth alias: TC-BT-Staff@niap-ccevs.org
For Certificate Authority alias: TC-Certificate-Authority-Staff@niap-ccevs.org
For Cryptographic alias: TC-Crypto-Staff@niap-ccevs.org
For E-mail Client alias: TC-Email-Staff@niap-ccevs.org
For Enterprise Security Management (ESM) alias: TC-ESM-Staff@niap-ccevs.org
For Enterprise Session Controller (ESC) alias: TC-ESC-Staff@niap-ccevs.org
For Ethernet Encryption alias: TC-Ethernet-Staff@niap-ccevs.org
For General Purpose Computing Platform (GPCP) alias: TC-GPCP-Staff@niap-ccevs.org
For Mobility alias: TC-Mobility-Staff@niap-ccevs.org
For Multi-function Printer alias: TC-MFP-Staff@niap-ccevs.org
For Operating Systems Fundamentals alias: TC-OS-Staff@niap-ccevs.org
For Peripheral Sharing Switch alias: TC-PSS-Staff@niap-ccevs.org
For Privileged Access Management (PAM) alias: TC-PAM-Staff@niap-ccevs.org
For Redaction alias: TC-Redaction-Staff@niap-ccevs.org
For Retransmission Device alias: TC-RD-Staff@niap-ccevs.org
For Session Border Control alias: TC-SBC-Staff@niap-ccevs.org
For Software Defined Network (SDN) Controller alias: TC-SDN-Staff@niap-ccevs.org
For Software File Encryption alias: TC-File-Staff@niap-ccevs.org
For SSH alias: TC-SSH-Staff@niap-ccevs.org
For SSL/TLS Inspection alias: TC-TLSI-Staff@niap-ccevs.org
For Transport Layer Security (TLS) alias: TC-TLS-Staff@niap-ccevs.org
For Video/Voice over IP (VVOIP) alias: TC-vVOIP-Staff@niap-ccevs.org
For Virtualization Server alias: TC-Virtualization-Staff@niap-ccevs.org
For VPN Client alias: TC-VPNClient-Staff@niap-ccevs.org
For VPN Gateway alias: TC-VPNGW-Staff@niap-ccevs.org
For Web Browser alias: TC-Web-Staff@niap-ccevs.org
For Wireless Intrusion Detection System (WIDS) alias: TC-Wids-Staff@niap-ccevs.org
For WLAN alias: TC-WLAN-Staff@niap-ccevs.org

For more information on International Technical Communities (iTCs), please visit the pages below:

Application Software: Common Criteria Website
Biometrics: Common Criteria Website
Dedicated Security Components: Common Criteria Website
Full Disk Encryption: Common Criteria Website
Hardcopy Devices: Common Criteria Website
Network Fundamentals and Firewalls: Common Criteria Website
USB Portable Storage Devices: Common Criteria Website

For a comprehensive list of NIAP Protection Profiles in development, please see the Protection Profiles in Development page. Any parties interested in participating in one of these communities are welcome to contact NIAP directly for more information.

 
Site Map              Contact Us              Home