NIAP: NIAP Home Page
What's coming in the new NIAP Webiste

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help

  About NIAP

The National Information Assurance Partnership (NIAP) is responsible for U.S. implementation of the Common Criteria, including management of the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) validation body.  NIAP manages a national program for developing Protection Profiles, evaluation methodologies, and policies that will ensure achievable, repeatable, and testable requirements.  In partnership with NIST, NIAP also approves Common Criteria Testing Laboratories to conduct these security evaluations in private sector operations across the U.S. 

NIAP takes a collaborative approach to technology-specific protection profile development by supporting the creation of international technical communities of representatives from industry, government, end users, and academia.  This results in consistent evaluation methodologies across U.S. testing labs and among labs associated with international Common Criteria Recognition Arrangement schemes. 

NIAP also works with NATO and international standards bodies (ISO) to share Common Criteria evaluation experiences and avoid duplication of effort.  In the U.S., NIAP engages with other National Security Systems (NSS) users to ensure Protection Profiles, along with their associated DoD Annexes, provide a streamlined certification path for IA and IA enabled COTS products employed with NSS. 

  • NIAP Updates Entropy Guidance

    NIAP has issued guidance for using Entropy Source Validation certificates. Please see Entropy Documentation and Assessment Clarification (Release 2) and Labgram #118/Valgram #137 for more information.

  • NIAP 2023 Annual Report

    See the NIAP 2023 Annual Report to learn about NIAP accomplishments and activities in 2023. Read More

  • NIAP issues policy defining the requirements for Remote Testing

    NIAP has issued Policy 31 defining the requirements to verify the Common Criteria Test Laboratories (CCTL) have comparable control over any alternative test environment and the process for submitting remote testing requests. This policy is effective immediately for all new Remote Testing Requests submitted to NIAP.

    Read More

  • Call for Participants in the Enterprise Management Technical Community

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Enterprise Management (EM) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the EM Protection Profile. A current draft of the Essential Security Requirements document can be found at this...

    Read More

  • NIAP Launches SBOM Pilot

    NIAP has launched the SBOM pilot.  All evaluations and assurance maintenance activities submitted to NIAP for evaluation claiming conformance against the Application Software Protection Profile (AppSW PP) or the future Application Software Collaborative Protection Profile (AppSW cPP) will be required to include an SBOM.  All applicable evaluations actions submitted to NIAP starting M...

    Read More

  • Want more news?

    Check out all the announcements online or...


  Focus Areas

U.S. Government
International Partners

Site Map              Contact Us