NIAP: NIAP CCEVS Announcements
NIAP/CCEVS
  NIAP  »»  Announcements  »»  NIAP Announcements  
NIAP Announcements

  NIAP Endorses cPP for Application Software V1.0E and cPP Modules (18 June 2024)

NIAP has endorsed the collaborative Protection Profile for Application Software  V1.0E (CPP_APP_V1.0E), cPP-Module for Agent Applications V1.0E (MOD_CPP_AGENT_V1.0E), and cPP-Module for Server Applications (MOD_CPP_SERVER_V1.0E) and published the cPP, cPP-Modules, and Supporting Documents to the NIAP-Approved PP List.  This endorsement is a formal statement that products successfully evaluated against the CPP_APP_V1.0E or PP-Configurations containing the cPP and one or more cPP-Modules that demonstrate exact conformance to the cPP or PP-Configuration, meeting the below identified conditions, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List:

·       Each applicable cryptographic support security functional requirement (FCS_) must include at least one selection conforming to Commercial National Security Algorithm (CNSA) Suite V1.0 or V2.0;

·       SHA-256 may be used in FCS_CKM_EXT.1/PBKDF2 and may be included in FCS_COP.1/Hash and FCS_COP.1/KeyedHash for that function; and

·       SHA-1 may not be selected.

The cPP is designed for enterprise software and compliments NIAP's existing Application Software PP, which will still cover end point and mobile applications.

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1314

  Call for Participants in the Application Software Technical Community (07 June 2024)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the update of the Protection Profile for Application Software v2.0. The purpose of this update is to convert to the latest version of the Common Criteria, CC:2022, incorporate the X.509 Functional Package, align with updated version of the SSH and TLS Functional Packages, and incorporate Technical Decisions (TDs). The kickoff meeting will be on Tuesday, June 25th, at 1100 EDT.

Please note: If you are already a member of this Technical Community, there is no need to re-apply.

All interested parties should contact NIAP/CCEVS at TC-App-Staff@niap-ccevs.org providing the information listed below for each potential participant:

·       Name

·       Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)

·       Telephone number

·       Email address

·       A brief statement of the qualifications for participation in the TC

We look forward to your participation!

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1313

  NIAP Endorses HCD cPP V1.0E (23 April 2024)

NIAP has endorsed the Hardcopy Devices collaborative Protection Profile V1.0E (HCD cPP V1.0E) and published the cPP and Supporting Document to the NIAP-Approved PP List.  This endorsement is a formal statement that products successfully evaluated against the HCD cPP V1.0E that demonstrate exact conformance to the cPP, meeting the below identified conditions, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List:

·       Each applicable cryptographic support security functional requirement (FCS_) must include at least one selection conforming to Commercial National Security Algorithm (CNSA) Suite V1.0 or V2.0;

·       SHA-256 may be selected in FCS_PCC_EXT.1 and may be included in FCS_COP.1/Hash and FCS_COP.1/KeyedHash for that function; and

·       SHA-1 may not be selected.

This version succeeds the HCD PP V1.0 which will sunset effective 23 October 2024.

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1312

  NIAP Updates Entropy Guidance (12 April 2024)

NIAP has issued guidance for using Entropy Source Validation certificates. Please see Entropy Documentation and Assessment Clarification (Release 2) and Labgram #118/Valgram #137 for more information.

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1311

  NIAP 2023 Annual Report (11 April 2024)

See the NIAP 2023 Annual Report to learn about NIAP accomplishments and activities in 2023. Read the report here.

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1309

  NIAP issues policy defining the requirements for Remote Testing (11 April 2024)

NIAP has issued Policy 31 defining the requirements to verify the Common Criteria Test Laboratories (CCTL) have comparable control over any alternative test environment and the process for submitting remote testing requests. This policy is effective immediately for all new Remote Testing Requests submitted to NIAP.

NIAP Remote Testing Policy 31

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1310

  Call for Participants in the Enterprise Management Technical Community (27 March 2024)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Enterprise Management (EM) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the EM Protection Profile. A current draft of the Essential Security Requirements document can be found at this link: https://github.com/commoncriteria/enterprise-management/blob/main/output/ESR-EM-Feb2024_v2.1.pdf

 

All interested parties should contact NIAP/CCEVS at tc-em-staff@niap-ccevs.org, providing the information listed below for each potential participant: 

 

 • Name 

 • Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)  

 • Telephone number 

 • Email address 

 • A brief statement of the qualifications for participation in the TC

 

The initial kick-off meeting will commence 10 April at 1:00PM EDT, and an invite will be sent to the TC alias. We look forward to your participation!

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1308

Previous Announcements

  NIAP Launches SBOM Pilot (07 March 2024)

NIAP has launched the SBOM pilot.  All evaluations and assurance maintenance activities submitted to NIAP for evaluation claiming conformance against the Application Software Protection Profile (AppSW PP) or the future Application Software Collaborative Protection Profile (AppSW cPP) will be required to include an SBOM.  All applicable evaluations actions submitted to NIAP starting March 1, 2024 must conform to this policy. All applicable assurance maintenance activities starting September 1, 2024 must conform to this policy.

SBOM Policy 30

SBOM Process: Labgram 117 / Valgram 136

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1307

  NIAP Endorses NDcPP v3.0e (14 December 2023)

NIAP has endorsed the Network Device collaborative Protection Profile v3.0e (NDcPP v3.0e) and published the cPP and Supporting Document to the NIAP-Approved PP List.  This endorsement is a formal statement that products successfully evaluated against the NDcPP v3.0e that demonstrate exact conformance to the cPP, and in compliance with all NIAP policies, will be placed on the NIAP Product Compliant List.  This version succeeds Version 2.2e which will sunset effective 14 June 2024.

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1306

  NIAP Progress Report - Third Quarter 2023 (29 November 2023)

See the NIAP Third Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases. Read the Report Here

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1305

  NIAP SBOM Policy Review (24 November 2023)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) has released draft SBOM policy documents and an accompanying comment matrix to the CCUF portal. If you are interested in providing feedback please send your completed comment matrix to SBOM_team@niap-ccevs.org by COB December 8th. 

Also, if you'd like to be added to the NIAP SBOM information alias, please send your request to SBOM-staff@niap-ccevs.org

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1304

  Call for Participants in the Retransmission Device Technical Community (07 November 2023)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Retransmission Device (RD) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the RD Protection Profile and support the RD requirements in the Commercial Solutions for Classified program's Mobile Access Capability Package.

 

For more information regarding the new Protection Profile, please view the Essential Security Requirements (ESR) document here.

 

All interested parties should contact NIAP/CCEVS at tc-rd-staff@niap-ccevs.org, providing the information listed below for each potential participant: 

 

 • Name 

 • Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)  

 • Telephone number 

 • Email address 

 • A brief statement of the qualifications for participation in the TC

 

The initial kick-off meeting will commence December 7, 2023. We look forward to your participation!

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1302

  Call for Participants in the SDN Technical Community (18 October 2023)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be a part of the Software Defined Networking (SDN) Technical Community (TC). Members of this TC are expected to provide technical input to develop a baseline set of security requirements for inclusion in the SDN Protection Profile.

All interested parties should contact NIAP/CCEVS at tc-sdn-staff@niap-ccevs.org, providing the information listed below for each potential participant: 

 • Name 

 • Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)  

 • Telephone number 

 • Email address 

 • A brief statement of the qualifications for participation in the TC

The initial kick-off meeting will commence January 10, 2024. Connection information will be sent to members of the TC. We look forward to your participation!

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1300

  PP-Module VPN Gateway v1.3 Published! (05 September 2023)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to announce the posting of the Protection Profile-Module for Virtual Private Network (VPN) Gateway, Version 1.3. Notable changes include fixing issues with multifactor authentication and applying all applicable NIAP Technical Decisions.

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1297

  Call for Participants in the x509 Technical Community (24 August 2023)

The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) is pleased to invite interested parties to be part of a Technical Community (TC) for the development of the x509 Functional Package. Members of this TC are expected to provide technical input to unify the FIA_x509 requirements.

All interested parties should contact NIAP/CCEVS at tc-x509-staff@niap-ccevs.org, providing the information listed below for each potential participant: 

 • Name 

 • Affiliation (Vendor/CCTL/Academic Institution/Scheme/Other)  

 • Telephone number 

 • Email address 

 • A brief statement of the qualifications for participation in the TC

We look forward to your participation and will hold a kickoff meeting on 12 September 2023 at 1100 EST.

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1296

  NIAP Progress Report - Second Quarter 2023 (10 August 2023)

See the NIAP Second Quarter Progress Report to learn about recent NIAP accomplishments and activities, and upcoming releases.  Read the report here.

direct link to this item: https://www.niap-ccevs.org/Announcements/Announcements.cfm#ann1295
Site Map              Contact Us              Home