Press Room Press Room Archives
Press Room Archives:Latest NSA News Statements, Speeches, and Testimonies NSA Video Transcripts Freedom of Information Act Submit a FOIA Request Submit a Privacy Act Request Reading Room Frequently Requested Information Related Links Declassification and Transparency Pre-Publication Review What's New on NSA.gov Contact Information
NATIONAL SECURITY AGENCY
FORT GEORGE G. MEADE, MARYLAND 20755-6000
NSA PRESS RELEASE
NIAP Approves First Private Industry Testing Labs for Common Criteria Evaluations
The National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) have announced the approval of the first four private industry testing laboratories to perform information technology security product evaluations according to procedures established by the National Information Assurance Partnership (NIAP). Product evaluations will follow ISO/IEC Standard 15408, the Common Criteria for Information Technology Security, and the associated Common Evaluation Methodology.
The following four laboratories have been approved as Common Criteria Testing Laboratories (CCTLs):
The NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) Validation Body approved these laboratories based on their satisfaction of CCEVS requirements, which included accreditation by the National Voluntary Laboratory Accreditation Program (NVLAP). The NVLAP accreditation process requires an in-depth analysis of the laboratory's quality system and procedures; the completion of a comprehensive proficiency test covering the application of the Common Criteria and the Common Evaluation Methodology; and an on-site assessment of the laboratory facilities by a team of experts.
Product or protection profile developers interested in having their product evaluated under the NIAP Common Criteria Evaluation Program must contract with one of the approved CCTLs. Evaluation reports produced by the CCTL are then submitted to the CCEVS Validation Body for review. When all CCEVS requirements are met, the CCEVS Validation Body issues a NIAP Common Criteria Certificate and posts the results on the NIAP Validated Products List.
NIAP validated products will be recognized in 12 countries participating with the United States in the Common Criteria Mutual Recognition Arrangement. The NIAP is a partnership between NSA and NIST to enhance the quality of information security products and increase confidence in those products that have been evaluated objectively. For further information on NIAP, NVLAP, and IT product evaluations, see http://niap.nist.gov/cc-scheme.
Historical Document | Date Posted: Jan 15, 2009