NIAP: NIAP Home Page
NIAP/CCEVS Home Page

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems 		Questions? We're here to help
  Quick Links



  About NIAP

The National Information Assurance Partnership (NIAP) is responsible for U.S. implementation of the Common Criteria, including management of the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) validation body.  NIAP manages a national program for developing Protection Profiles, evaluation methodologies, and policies that will ensure achievable, repeatable, and testable requirements.  In partnership with NIST, NIAP also approves Common Criteria Testing Laboratories to conduct these security evaluations in private sector operations across the U.S. 

NIAP takes a collaborative approach to technology-specific protection profile development by supporting the creation of international technical communities of representatives from industry, government, end users, and academia.  This results in consistent evaluation methodologies across U.S. testing labs and among labs associated with international Common Criteria Recognition Arrangement schemes. 

NIAP also works with NATO and international standards bodies (ISO) to share Common Criteria evaluation experiences and avoid duplication of effort.  In the U.S., NIAP engages with other National Security Systems (NSS) users to ensure Protection Profiles, along with their associated DoD Annexes, provide a streamlined certification path for IA and IA enabled COTS products employed with NSS. 

  News and Updates — subscribe

  • Mobile Device Management Protection Profile v3.0 and Mobile Device Management Agents Extended Package v3.0 Published

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile for Mobile Device Management, Version 3.0 (MDM PP v3.0) and MDM Agents Extended Package, Version 3.0 (MDM Agent EP v3.0). This PP/EP includes updates based on questions sent to the Technical Rapid Response Team, clarification to many requirements and assurance activities, and adding SFRs to support Bring Your Own Device (BYOD) Use Case. This PP/EP ca...

    Read More

  • Updated DoD Annexes for MDM PP and MDM Agent PP v2.0

    An updated version of the DoD Annex for the Mobile Device Management Protection Profile (MDM PP) v2.0 and MDM Agent PP v2.0 has been published to the NIAP Protection Profile website.  These DoD Annexes are used to mandate specific PP selections, assignments, and security functional requirements to be fully compliant with DoD cybersecurity policies, and applies to all DoD-administered systems and all systems connected to DoD networks.     

     

  • Virtualization Base PP, Server Virtualization EP, and Client Virtualization EP Published

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile for Virtualization (Base) Version 1.0, the Protection Profile for Virtualization Extended Package – Server Virtualization Version 1.0 and the Protection Profile for Virtu...

    Read More

  • NIAP Policy #5, Policy #5 Frequently Asked Questions, and CAVP Mapping Document

    NIAP CCEVS Policy #5: "Applicability and Relationship of NIST Cryptographic Algorithm Validation Program (CAVP) and Cryptographic Module Validation Program (CMVP) to NIAP’s Common Criteria Evaluation and Validation Scheme (CCEVS)" and "Frequently Asked Questions for NIAP Policy #5" have been updated and published to the NIAP website. In addition, an accompanying CAVP Mapping Document has been published. Policy #5, Policy #5 FAQ, and the CAVP mapping document provide clarification and guidance of how NIST's ...

    Read More

  • Certification Authorities Protection Profile version 2.0 (CA PP v2.0) Published

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Certificate Authorities Protection Profile version 2.0.   A CA system is an entity that issues and manages public-key certificates and is the primary component of a public key infrastructure (PKI), which consists of programs, data formats, procedures, communication protocols, secu...

    Read More

  • Enterprise Session Controller Extended Package (ESC EP) Version 1.0 Published

    The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Enterprise Session Controller Extended Package (ESC EP), Version 1.0, to the Network Device collaborative Protection Profile (NDcPP). This EP describes the security functionality of a telecommunication switch where its primary function is to set up, process, and terminate voice & video calls over an enterprise-wide Internet Protocol (IP) network. The EP can be...

    Read More

  • NIAP Progress Report - Third Quarter 2016 Now Available

    See the NIAP 3rd Quarter Progress report to learn about recent NIAP accomplishments and activities, and upcoming releases.

    See the report.

     

  • MDF PP DoD Annexes Published

    NIAP is pleased to announce that the DoD Annex for Mobile Device Fundamentals Protection Profile (MDF PP) v3.0 has been published to the NIAP Protection Profile website.  An updated version of the DoD Annex for MDF PP v2.0 has also been published .  These DoD Annexes are used to mandate specific PP selections, assignments, and security functional requirements to be fully compliant with DoD cybersecurity policies, and applies to all DoD-administered systems and all systems connected to DoD networks. &nb...

    Read More

  • Want more news?

    Check out all the announcements online or...

    subscribe.

  Focus Areas

Industry
 
U.S. Government
 
International Partners
  Events


Site Map              Contact Us