What is Common Criteria NIAP?
This program includes the NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS or Scheme), a national program for developing protection profiles, evaluation methodologies, and policies that ensures achievable, repeatable, and testable security requirements.
What is NIAP compliance?
NIAP certification is a commercial cybersecurity product certification that is mandated by federal procurement requirements (CNSSP 11) for use in U.S. National Security Systems (NSS). Its primary purpose is to certify commercial technology or products which will be used to handle sensitive data.
What is the Common Criteria standard?
Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments.
What is NIAP analysis?
NIAP validates the security of commercial hardware and software used in national security systems. Operated by the U.S. National Security Agency (NSA), the NIAP program provides a standard way for federal government, contractors and suppliers to evaluate internally developed and commercial products.
What is the purpose of ISO 15408?
ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.
What is the relationship between Common Criteria CC and protection profiles?
The CC evaluates a specific system or product against a protection profile or a security target. A protection profile is usually written by an organization with specific ITS requirements in mind but no specific system or product in mind.
Is Common Criteria still used?
The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5.
What is Common Criteria used for?
A Common Criteria evaluation allows an objective evaluation to validate that a particular product satisfies a defined set of security requirements. The focus of the Common Criteria is evaluation of a product or system, and less on development of requirements.
What ISO is the Common Criteria?
ISO/IEC 15408
The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard (ISO/IEC 15408) for IT product security certification. It is a framework that provides criteria for independent, scalable and globally recognized security inspections for IT products.
What is the purpose of ISO 15408 otherwise known as the ISO Common Criteria?
The CC is an international standard (ISO/IEC 15408) for computer security. A Common Criteria evaluation allows an objective evaluation to validate that a particular product satisfies a defined set of security requirements.
Who uses the Common Criteria?
The Common Criteria (CC) were developed through a combined effort of six countries: the United States, Canada, France, Germany, the Netherlands, and the United Kingdom.
What organizations use Common Criteria?
Common Criteria is used as the basis for a government-driven certification scheme. Evaluations are typically completed for the use of Federal Government agencies and critical infrastructure.
Does NIAP mutually recognize evaluations completed under the terms of CCRA?
NIAP mutually recognizes evaluations completed under the terms of the CCRA. If a product evaluated in another CCRA Scheme is listed on NIAP’s PCL after undergoing the above process, it is eligible for procurement for use in national security systems as per the Committee on National Security Systems Policy (CNSSP) #11.
Does NIAP negotiate the cost of an evaluation?
The cost of an evaluation is negotiated between the vendor and the Common Criteria Testing Laboratory (CCTL), and NIAP is not involved or privy to evaluation costs. Vendors are encouraged to contact multiple NIAP CCTLs to compare expertise, experience, and costs.
What is the difference between NIAP and NIST?
While both NIAP and the NIST programs are used to evaluate COTS IA and IA-enabled products, they focus on different aspects of the product and use different criteria.
What is NIAP’s assurance continuity?
NIAP’s Assurance Continuity is typically a quick-turn process to update a product evaluation. More details are available in NIAP’s Publication 6, Assurance Continuity: Guidance for Maintenance and Re-evaluation.