Yesterday, NIAP published updates to several Protection Profiles, including, the SIP Server EP, NPDD Errata (#3), and the Application SW PP. For reference, Acumen has created a difference document which can be found here.

Compared to previous NIAP PP updates, these updates are very small and consist of,

  1. Adding references to CNSSP 15 – This is the policy document that will require Suite-B cryptography to protect National Security Systems (NSS) starting 10/1/2015. These references do not add any additional mandatory functional to the PPs/References.
  2. Adding several optional ciphersuites to the TLS SFRs in each PP/errata – The PPs have been updated to selectively allow both the Suite-B transitional ciphersuites and the Suite-B ciphersuites to be evaluated.

Acumen’s Take: These updates were made to explicitly support upcoming Suite-B protection requirements. If a product is targeting a market that requires Suite-B protection or wants to be compliant with CNSSP 15 these new ciphersuites should be included in the product evaluation. These requirements will continue to grow in importance to product vendors as policies like the ones defined in CNSSP 15 take place and as CC evaluation is used more and more as prerequisites for programs like CSFC. We fully expect future PP revisions to more closely mirror the requirements in these policies/programs.

Also, these updates are Suite-B focused. If you have any questions about how Suite-B applies to product certification, give us a call, drop us a note, or check out our white paper on Suite-B cryptography and how it applies to the most commonly certified network protocols.