NIAP Endorses HCD cPP V1.0E (23 April 2024)
NIAP has endorsed the Hardcopy Devices collaborative Protection Profile V1.0E (HCD cPP V1.0E) and published the cPP and Supporting Document to the NIAP-Approved PP List. This endorsement is a formal statement that products successfully evaluated against the HCD cPP V1.0E that demonstrate exact conformance to the cPP, meeting the below identified conditions, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List:
· Each applicable cryptographic support security functional requirement (FCS_) must include at least one selection conforming to Commercial National Security Algorithm (CNSA) Suite V1.0 or V2.0;
· SHA-256 may be selected in FCS_PCC_EXT.1 and may be included in FCS_COP.1/Hash and FCS_COP.1/KeyedHash for that function; and
· SHA-1 may not be selected.
This version succeeds the HCD PP V1.0 which will sunset effective 23 October 2024.
NIAP Updates Entropy Guidance (12 April 2024)
NIAP has issued guidance for using Entropy Source Validation certificates. Please see Entropy Documentation and Assessment Clarification (Release 2) and Labgram #118/Valgram #137 for more information.
NIAP 2023 Annual Report (11 April 2024)
See the NIAP 2023 Annual Report to learn about NIAP accomplishments and activities in 2023. Read the report here.
NIAP issues policy defining the requirements for Remote Testing (11 April 2024)
NIAP has issued Policy 31 defining the requirements to verify the Common Criteria Test Laboratories (CCTL) have comparable control over any alternative test environment and the process for submitting remote testing requests. This policy is effective immediately for all new Remote Testing Requests submitted to NIAP.
Call for Participants in the Enterprise Management Technical Community (27 March 2024)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Enterprise Management (EM) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the EM Protection Profile. A current draft of the Essential Security Requirements document can be found at this link: https://github.com/commoncriteria/enterprise-management/blob/main/output/ESR-EM-Feb2024_v2.1.pdf
All interested parties should contact NIAP/CCEVS at tc-em-staff@niap-ccevs.org, providing the information listed below for each potential participant:
• Name
• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
• Telephone number
• Email address
• A brief statement of the qualifications for participation in the TC
The initial kick-off meeting will commence 10 April at 1:00PM EDT, and an invite will be sent to the TC alias. We look forward to your participation!
NIAP Launches SBOM Pilot (07 March 2024)
NIAP has launched the SBOM pilot. All evaluations and assurance maintenance activities submitted to NIAP for evaluation claiming conformance against the Application Software Protection Profile (AppSW PP) or the future Application Software Collaborative Protection Profile (AppSW cPP) will be required to include an SBOM. All applicable evaluations actions submitted to NIAP starting March 1, 2024 must conform to this policy. All applicable assurance maintenance activities starting September 1, 2024 must conform to this policy.
SBOM Process: Labgram 117 / Valgram 136
Previous Announcements
NIAP Endorses NDcPP v3.0e (14 December 2023)
NIAP has endorsed the Network Device collaborative Protection Profile v3.0e (NDcPP v3.0e) and published the cPP and Supporting Document to the NIAP-Approved PP List. This endorsement is a formal statement that products successfully evaluated against the NDcPP v3.0e that demonstrate exact conformance to the cPP, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List. This version succeeds Version 2.2e which will sunset effective 14 June 2024.
NIAP Progress Report - Third Quarter 2023 (29 November 2023)
See the NIAP Third Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases. Read the Report Here
NIAP SBOM Policy Review (24 November 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) has released draft SBOM policy documents and an accompanying comment matrix to the CCUF portal. If you are interested in providing feedback please send your completed comment matrix to SBOM_team@niap-ccevs.org by COB December 8th.
Also, if you'd like to be added to the NIAP SBOM information alias, please send your request to SBOM-staff@niap-ccevs.org.
Call for Participants in the Retransmission Device Technical Community (07 November 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Retransmission Device (RD) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the RD Protection Profile and support the RD requirements in the Commercial Solutions for Classified program's Mobile Access Capability Package.
For more information regarding the new Protection Profile, please view the Essential Security Requirements (ESR) document here.
All interested parties should contact NIAP/CCEVS at tc-rd-staff@niap-ccevs.org, providing the information listed below for each potential participant:
• Name
• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
• Telephone number
• Email address
• A brief statement of the qualifications for participation in the TC
The initial kick-off meeting will commence December 7, 2023. We look forward to your participation!
Call for Participants in the SDN Technical Community (18 October 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Software Defined Networking (SDN) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the SDN Protection Profile.
All interested parties should contact NIAP/CCEVS at tc-sdn-staff@niap-ccevs.org, providing the information listed below for each potential participant:
• Name
• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
• Telephone number
• Email address
• A brief statement of the qualifications for participation in the TC
The initial kick-off meeting will commence January 10, 2024. Connection information will be sent to members of the TC. We look forward to your participation!
PP-Module VPN Gateway v1.3 Published! (05 September 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile-Module for Virtual Private Network (VPN) Gateway, Version 1.3. Notable changes include fixing issues with multifactor authentication and applying all applicable NIAP Technical Decisions.
Call for Participants in the x509 Technical Community (24 August 2023)
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the development of the x509 Functional Package. Members of this TC are expected to provide technical input to unify the FIA_x509 requirements.
All interested parties should contact NIAP/CCEVS at tc-x509-staff@niap-ccevs.org, providing the information listed below for each potential participant:
• Name
• Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)
• Telephone number
• Email address
• A brief statement of the qualifications for participation in the TC
We look forward to your participation and will hold a kickoff meeting on 12 September 2023 at 1100 EST.
NIAP Progress Report - Second Quarter 2023 (10 August 2023)
See the NIAP Second Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases. Read the report here.
NIAP Progress Report - First Quarter 2023 (11 May 2023)
See the NIAP First Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases. Read the report here.