The National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) have announced the approval of the first four private industry testing laboratories to perform information technology security product evaluations according to procedures established by the National Information Assurance Partnership (NIAP). Product evaluations will follow ISO/IEC Standard 15408 the Common Criteria for Information Technology Security and the associated Common Evaluation Methodology.
The following four laboratories have been approved as Common Criteria Testing Laboratories (CCTLs):
- Computer Sciences Corporation (CSC) Hanover Maryland
- CygnaCom Solutions McLean Virginia
- Science Applications International Corporation (SAIC) Columbia Maryland
- TÃ¼ViT Incorporated Austin Texas
The NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) Validation Body approved these laboratories based on their satisfaction of CCEVS requirements which included accreditation by the National Voluntary Laboratory Accreditation Program (NVLAP). The NVLAP accreditation process requires an in-depth analysis of the laboratory's quality system and procedures; the completion of a comprehensive proficiency test covering the application of the Common Criteria and the Common Evaluation Methodology; and an on-site assessment of the laboratory facilities by a team of experts.
Product or protection profile developers interested in having their product evaluated under the NIAP Common Criteria Evaluation Program must contract with one of the approved CCTLs. Evaluation reports produced by the CCTL are then submitted to the CCEVS Validation Body for review. When all CCEVS requirements are met the CCEVS Validation Body issues a NIAP Common Criteria Certificate and posts the results on the NIAP Validated Products List.
NIAP validated products will be recognized in 12 countries participating with the United States in the Common Criteria Mutual Recognition Arrangement. The NIAP is a partnership between NSA and NIST to enhance the quality of information security products and increase confidence in those products that have been evaluated objectively. For further information on NIAP NVLAP and IT product evaluations see http://niap.nist.gov/cc-scheme.