What does NIAP mean?

National Information Assurance Partnership
The National Information Assurance Partnership (NIAP) is responsible for overseeing and monitoring the security of commercial IT products used in National Security Systems.

What is Common Criteria certification?

Common Criteria is a framework in which computer system users can specify their security functional requirements (SFRs) and security functional assurance requirements (SARs) using Protection Profiles (PPs).

What does IA enabled mean?

Definition(s): Product whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities.

How many EAL levels are there?

seven Evaluation Assurance Levels
There are seven Evaluation Assurance Levels (EALs). The higher the level, the more confidence you can have that the security functional requirements have been met.

What is Niap analysis?

NIAP employs the CCEVS to provide government oversight or “validation” to U.S. Common Criteria (CC) evaluations to ensure correct conformance to the International Common Criteria for IT Security Evaluation (ISO/IEC 15408).

What has replaced EALS and why was this change made?

In October of 2009, the National Information Assurance Partnership (NIAP), transitioned away from Evaluation Assurance Levels (EAL) and moved to Protection Profiles (PP). NIAP made the move to PPs because EAL requirements gave a false level of security. EAL diminished Common Criteria and NIAP’s credibility.

Is Common Criteria mandatory?

All IT security products purchased by the U.S. government for national security systems are required to have Common Criteria certification and many government agencies specifically write it into their RFPs. Common Criteria certification is a necessity.

What organizations use Common Criteria?

In the US, the National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP) accredits Common Criteria Testing Laboratories (CCTL)

What is IA and IA enabled?

An IA-enabled product is a product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled web browsers, screening routers, and security-enabled messaging systems.

What do you need to know about NIAP certification?

All products evaluated under NIAP must demonstrate exact compliance to the applicable Protection Profile (s). NIAP validates the results of the security evaluation conducted by the CCTL, if the evaluation is successful, issues a Common Criteria certificate.

Can a product be removed from the NIAP evaluation list?

If the product evaluation exceeds the estimated completion date but has not exceeded the 180-day evaluation timeline requirement, the schedule will be updated and the product may remain on the Products in Evaluation list. If an evaluation exceeds the 180-day limit it will be terminated and removed from the Products in Evaluation list.

Is the National Information Assurance partnership ( NIAP ) a technical community?

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the update of the VPN Client and VPN Gateway (GW) PP-Modules.

How does NIAP comply with the CCRA vision statement?

NIAP has implemented the CCRA Management Committee Vision Statement for the application of the CC and the CCRA and no longer evaluates against Evaluation Assurance Levels (EAL). This strengthens evaluations by focusing on technology specific security requirements.