The National Information Assurance Partnership (NIAP) is a United States government initiative to meet the security testing needs of both information technology consumers and producers that is operated by the National Security Agency (NSA), and was originally a joint effort between NSA and the National Institute of Standards and Technology (NIST).
Purpose
The long-term goal of NIAP is to help increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and validation programs. In meeting this goal, NIAP seeks to:
*Promote the development and use of evaluated IT products and systems
*Champion the development and use of national and international standards for IT security
**Common Criteria
*Foster research and development in IT security requirements definition, test methods, tools, techniques, and assurance metrics
*Support a framework for international recognition and acceptance of IT security testing and evaluation results
*Facilitate the development and growth of a commercial security testing industry within the U.S.
Services
*Common Criteria Evaluation and Validation Scheme (CCEVS)
*Product / System Configuration Guidance
*Product and Protection Profile Evaluation
*Consistency Instruction Manuals
NIAP Validation Body
The principal objective of the NIAP Validation Body is to ensure the provision of competent IT security evaluation and validation services for both government and industry. The Validation Body has the ultimate responsibility for the operation of the CCEVS in accordance with its policies and procedures and, where appropriate, for interpreting and amending those policies and procedures. The NSA is responsible for providing sufficient resources to the Validation Body so that it may carry out its responsibilities.
The Validation Body is led by a Director and Deputy Director selected by NSA management. The Director of the Validation Body reports to the NIAP Director for administrative and budgetary matters and to NSA certificate-issuing authorities for CCEVS-related operational matters. In general, the Director and Deputy Director serve a two-year term of service. This term of service may be extended at the discretion of NSA management. There are also a significant number of technical and administrative support personnel required to provide a full range of validation services for the sponsors of evaluations and the Common Criteria Testing Laboratories (CCTL). These personnel include validators, technical experts in various technology cells, and senior members of the technical staff and the IT security community on the oversight board.
The Validation Body ensures that appropriate mechanisms are in place to protect the interests of all parties within the CCEVS participating in the process of IT security evaluation. Any dispute brought forth by a participating party (i.e., sponsor of an evaluation, product or Protection Profile developer, or CCTL) concerning the operation of the CCEVS or any of its associated activities shall be referred to the Validation Body for resolution. In disputes involving the Validation Body, NSA management will attempt to resolve the dispute through procedures agreed upon by the two organizations.
External links
*NIAP official site
*NIAP Consistency Instruction Manuals