Public Info Menu

.
Skip Search Box

DoD Seal

NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

FORT GEORGE G. MEADE, MARYLAND 20755-6000

NSA PRESS RELEASE
29 August 2000
For further information contact:
NSA Public and Media Affairs, 301-688-6524

NIAP Approves First Private Industry Testing Labs for Common Criteria Evaluations

The National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) have announced the approval of the first four private industry testing laboratories to perform information technology security product evaluations according to procedures established by the National Information Assurance Partnership (NIAP). Product evaluations will follow ISO/IEC Standard 15408, the Common Criteria for Information Technology Security, and the associated Common Evaluation Methodology.

The following four laboratories have been approved as Common Criteria Testing Laboratories (CCTLs):

  • Computer Sciences Corporation (CSC), Hanover, Maryland
  • CygnaCom Solutions, McLean, Virginia
  • Science Applications International Corporation (SAIC), Columbia, Maryland
  • TüViT Incorporated, Austin, Texas

The NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) Validation Body approved these laboratories based on their satisfaction of CCEVS requirements, which included accreditation by the National Voluntary Laboratory Accreditation Program (NVLAP). The NVLAP accreditation process requires an in-depth analysis of the laboratory's quality system and procedures; the completion of a comprehensive proficiency test covering the application of the Common Criteria and the Common Evaluation Methodology; and an on-site assessment of the laboratory facilities by a team of experts.

Product or protection profile developers interested in having their product evaluated under the NIAP Common Criteria Evaluation Program must contract with one of the approved CCTLs. Evaluation reports produced by the CCTL are then submitted to the CCEVS Validation Body for review. When all CCEVS requirements are met, the CCEVS Validation Body issues a NIAP Common Criteria Certificate and posts the results on the NIAP Validated Products List.

NIAP validated products will be recognized in 12 countries participating with the United States in the Common Criteria Mutual Recognition Arrangement. The NIAP is a partnership between NSA and NIST to enhance the quality of information security products and increase confidence in those products that have been evaluated objectively. For further information on NIAP, NVLAP, and IT product evaluations, see http://niap.nist.gov/cc-scheme.

Defending Our Nation. Securing The Future.

 

Historical Document | Date Posted: Jan 15, 2009

 
bottom