Common Criteria Resources
NIAP (National Information Assurance Partnership) is a NIST organization that manages evaluations using the Common Criteria.
Important NIAP policy announcement
Independent testing laboratories perform Common Criteria evaluations. Many laboratories also write Security Targets and required assurance documents.
Your TOE (Target of Evaluation) may conform to a PP (protection profile) that dictates required capabilities or services for specific kinds of products. The NIAP website posts numerous protection profiles.
Every evaluated product has a Security Target that formally defines the TOE. All evaluated products must have complete product documentation so that anyone who handles, installs, configures, and uses your product does so in a secure manner that maintains the product's integrity throughout its lifecycle. The evaluation requires assurance documents mapping your product capabilities to the Common Criteria scheme. This table lists assurance documents required for each EAL (evaluation assurance level).
Common Criteria documents define the requirements. The CEM (Common Evaluation Methodology) located with the Common Criteria documents specifies how evaluators will validate your claims of conformance.
The NSTISSP 11 Fact Sheet explains the National Information Assurance Acquisition Policy that mandates federal agencies use evaluated products for systems handling information that is critical or essential to the conduct of organizational missions. Required evaluations may be FIPS or Common Criteria, or both as appropriate.
Similar directives include DoD Instruction 8500.2 and DoD Directive 8100.2 on the use of evaluated wireless devices.
© 2005 Rosenberry Associates Inc. All rights reserved.