Welcome to the Acumen Security Blog

Highlights from the Fall NIAP Validator/CCTL Workshop

Similar to the July workshop Acumen attended the Fall workshop that took place on October 8, 2014. Going forward, NIAP expects to hold such workshops twice a year (one during Spring time and the second during Fall).

This time the workshop was broken into several sessions, as follows:

  1. General group working session led by NIAP
  2. Breakout sessions led by individuals, including
    1. AGD/Guidance improvement
    2. NDPP evaluation process optimization
    3. Equivalency Analysis
  3. Individual presentations led by various participants

Overall, the workshop was both very good and productive. There is a real sense of partnership between NIAP, the validators, and the labs. This is expected to continue as NIAP and Common Criteria is increasingly leveraged for other programs (e.g., CSFC) and procurement requirements. The following provides some highlights.

NIAP is on the verge of releasing several new PPs over the course of the next quarter, including,

  1. File Encryption PP
  2. Software Application on OS PP
  3. Virtualization PP
  4. Multi-Function Printer PP
  5. Peripheral Switch PP

There was a discussion regarding how NIAP will transition to cPPs when there is already an established NIAP PP for a technology. The most pertinent example was the NDPP for which the cPP will be completing within the next month or so. The process will go, as follows,

  1. The PP officially finishes and transitions to maintenance phase
  2. NIAP then officially announces support for the new PP
  3. There is a TBD (likely 6 months) transition period as with any time a PP is sunsetted
  4. After the transition period, the all evaluations must go against the new cPP

Specific to the NDPP, NIAP is still working out the details on the transition period and how to address the NDPP EPs. Since currently the EP concept has not be addressed by the cPPs.

There was a discussion about evaluations conducted outside of the US being posted on the NIAP website. In particular, NIAP was adamant regarding the consistency review of all evaluations posted to the NIAP website, including those conducted outside of the US. NIAP pointed out that this has been done multiple times with multiple schemes.

Speak Your Mind

*