NIAP: NIAP Home Page
NIAP/CCEVS Home Page

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help

  About NIAP

The National Information Assurance Partnership (NIAP) is responsible for U.S. implementation of the Common Criteria, including management of the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) validation body.  NIAP manages a national program for developing protection profiles, evaluation methodologies, and policies that will ensure achievable, repeatable, and testable requirements.  In partnership with NIST, NIAP also approves Common Criteria Testing Laboratories to conduct these security evaluations in private sector operations across the U.S. 

NIAP takes a collaborative approach to technology-specific protection profile development by supporting the creation of international technical communities of representatives from industry, government, end users, and academia.  This results in consistent evaluation methodologies across U.S. testing labs and among labs associated with international Common Criteria Recognition Arrangement schemes. 

NIAP also works with NATO and international standards bodies (ISO) to share Common Criteria evaluation experiences and avoid duplication of effort.  In the U.S., NIAP engages with other National Security Systems users to ensure protection profiles align with corresponding security documents including Security Requirements Guides/Security Technical Implementation Guides (SRGs/STIGs). 


  Focus Areas

Industry
 
U.S. Government
 
International Partners

  • Intrusion Prevention Systems Version 2.1 Extended Package (EP) Published

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of an updated Intrusion Prevention System (IPS) Extended Package (EP). The IPS EP has been updated as an EP to either the Network Device collaborative PP (NDcPP) or the Firewall collaborative PP (FWcPP). Upon review of both the NDcPP and the FWcPP, it was determined that all NDcPP SFRs are also in the FWcPP. The only changes made were to the front matter and to other referenc...

    Read More

  • Application Software Extended Package for Redaction Tools Published

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Application Software Extended Package for Redaction Tools.  This EP describes the extended security functionality of a redaction tool in terms of CC. As an extension of the App PP, it is expected that the content of this EP will be appropriately combined with the App PP to include selection-based requirements in accordance with the selections and/or assignments ma...

    Read More

  • SIP Server Version 2.0, VPN Gateways Version 2.0, and Intrusion Prevention Systems Version 2.0 Extended Packages (EPs) Published

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the SIP Server Version 2.0, the VPN Gateways Version 2.0, and the Intrusion Prevention Systems Version 2.0 Extended Packages (EPs).  These EP's have been updated to reflect changes to the base PP as a result of the transition from the Network Device Protection Profile (NDPP) to t...

    Read More

  • NIST Update of FIPS 140-2 Annex B

    NIST has worked with NIAP to update FIPS 140-2 Annex B, taking into account the large investment companies have made in evaluating their products under Common Criteria and properly balancing this against the needs of federal users for higher security assurances from COTS products provided by higher level FIPS...

    Read More

  • Interim Guidance for Evaluation of Self-Encrypting Drives for the Hard Copy Device Protection Profile (HCD PP)

    NIAP has published Interim Guidance for Evaluation of Self-Encrypting Drives for the Hard Copy Device Protection Profile (HCD PP). The guidance can be found here: Documents and Guidance

  • Guidance on Protection Profile Requirements: Objective to Mandatory

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) has posted Guidance on Protection Profile Requirements: Objective to Mandatory. The guidance can be found here: Documents and Guidance

  • Want more news?

    Check out all the announcements online or...

    subscribe.












  Events


Site Map              Contact Us