NIAP and COTS Product Evaluations
NSA manages the National Information Assurance Partnership (NIAP), a U.S. Government program originated to meet the security testing needs of both consumers and producers of information technology (IT).
Through the NIAP's Common Criteria Evaluation and Validation Scheme (CCEVS), approved Common Criteria Testing Laboratories (CCTLs) evaluate Commercial Off-The-Shelf Products. The CCEVS Validation Body:
The CCEVS Validation Body also maintains lists of IT products and Protection Profiles:
U.S. Government Protection Profile for Separation Kernel in Environments Requiring High Robustness, Version 1.03 (SKPP) - NSA/IAD's efforts to support existing SKPP evaluations have revealed a number of difficulties in the areas of assurance maintenance, scalability, cost and complexity when applied to complex commodity platforms. Please go to the links below for detailed explanation of the reason for sunsetting.
The NSA/IA Director has approved the sunsetting of the SKPP based on the extensive research and documentation by the IAD Vulnerability Analysis and operations organization. The following three documents provide the reasoning for this decision:
Email sent to affected commercial partners (http://www.niap-ccevs.org/announcements/SKPP%20Email%20to%20Vendors.pdf)
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009