To begin the evaluation process, a product vendor chooses an approved Common Criteria Testing Lab (CCTL) to conduct the product evaluation against an applicable NIAP-approved Protection Profile. The vendor, with possible assistance from the lab, drafts the Security Target then provides the associated Target of Evaluation to the CCTL. The CCTL then proposes a new evaluation to NIAP. Once entered into evaluation, the CCTL evaluates the product with oversight, validation, and ultimate approval from NIAP. The graphic below provides detail of the inputs/outputs of the process. Upon successful completion, the product is posted to the NIAP Product Compliant List and the Common Criteria Portal. The evaluation process can be completed in just 90 days or up to six months.
NIAP Evaluation Process