NIAP: Evaluation Process
  NIAP  »»  Evaluation Process  
Evaluation Process

To begin the evaluation process, a product vendor chooses an approved Common Criteria Testing Lab (CCTL) to conduct the product evaluation against an applicable NIAP-approved Protection Profile.  The vendor, with possible assistance from the lab, drafts the Security Target then provides the associated Target of Evaluation to the CCTL.  The CCTL then proposes a new evaluation to NIAP.  Once entered into evaluation, the CCTL evaluates the product with oversight, validation, and ultimate approval from NIAP.  The graphic below provides detail of the inputs/outputs of the process.  Upon successful completion, the product is posted to the NIAP Product Compliant List and the Common Criteria Portal.  The evaluation process can be completed in just 90 days or up to six months. 

The NIAP Validation Process

NIAP Evaluation Process
  1. Vendor approaches Common Criteria Testing Lab (CCTL) with COTS IT Product
    1. Include:  Draft Security Target & Applicable NIAP-Approved Protection Profile(s)
  2. Check-In Process
    1. CCTL Proposes new Evaluation to NIAP
      1. Include:  Entropy Assessment Report (EAR), Draft Security Target, Claimed Protection Profile(s), Estimated Timeline
    2. Evaluation “Checked In” with NIAP:
      1. NIAP Validators Assigned
      2. Deliverables Reviewed/PP Conformance Claims Analyzed
      3. Check-in Telecon
    3. Timeline:  2 weeks (Estimated)
  3. Evaluation/Check-Out Proceedings
    1. Lab evaluates product and provides all relevant documentation to NIAP
      1. Sync sessions may be held between Lab/Validators to answer questions & resolve issues
      2. Including NIAP Forms:  F8002b (Approval for Posting), F8003 (Certificate Worksheet), & F8004 (Evaluation Survey)
    2. Evaluation Checkout
      1. NIAP Validators review all delivered relevant documentation
        1. Possibly return to lab for corrections to documentation or clarification
      2. NIAP Submits DRAFT CC Certificate for approval to Lab/Vendor
      3. Timeline:  3 weeks (Estimated)
    3. NIAP Validators submit final package approval with finalized: 
      1. Security Target
      2. Administrative Guidance
      3. Assurance Activities Report
      4. Validation Report
      5. Certificate
      6. Product Compliant List (PCL) Entry Form
    4. Timeline: 
      1. Target:  90 Days
      2. Max:  6 Months
  4. Product is posted to NIAP Product Compliant List and Common Criteria Portal
Site Map              Contact Us              Home