Information Assurance Menu

.
Skip Search Box

NIAP and COTS Product Evaluations

NSA manages the National Information Assurance Partnership (NIAP), a U.S. Government program originated to meet the security testing needs of both consumers and producers of information technology (IT).

Through the NIAP's Common Criteria Evaluation and Validation Scheme (CCEVS), approved Common Criteria Testing Laboratories (CCTLs) evaluate Commercial Off-The-Shelf Products. The CCEVS Validation Body:

  • Provides technical guidance to CCTLs
  • Validates the results of IT security evaluations for conformance to the International Common Criteria for IT Security Evaluation, and
  • Serves as an interface to other nations for the recognition of such evaluations.

The CCEVS Validation Body also maintains lists of IT products and Protection Profiles:

U.S. Government Protection Profile for Separation Kernel in Environments Requiring High Robustness, Version 1.03 (SKPP) - NSA/IAD's efforts to support existing SKPP evaluations have revealed a number of difficulties in the areas of assurance maintenance, scalability, cost and complexity when applied to complex commodity platforms. Please go to the links below for detailed explanation of the reason for sunsetting.

The NSA/IA Director has approved the sunsetting of the SKPP based on the extensive research and documentation by the IAD Vulnerability Analysis and operations organization. The following three documents provide the reasoning for this decision:

Email sent to affected commercial partners (http://www.niap-ccevs.org/announcements/SKPP%20Email%20to%20Vendors.pdf)
"Separation Kernels on Commodity Workstations" (http://www.niap-ccevs.org/announcements/Separation%20Kernels%20on%20Commodity%20Workstations.pdf)
"SKPP Sunset Q&A" (http://www.niap-ccevs.org/announcements/SKPP%20Sunset%20Q&A.pdf)

 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 
bottom