NIAP has endorsed and listed the second version of the Network Device Collaborative Protection Profile (NDcPP) to be used for Common Criteria evaluations in the United States. The use of the Protection Profile is for those products which provide a minimal set of security requirements expected by all network devices that target the mitigation of a set of defined threats. NIAP has stated that “this baseline set of requirements will be built upon by future cPPs to provide an overall set of security solutions for networks up to carrier and enterprise scale. A network device in the context of this cPP is a device composed of both hardware and software that is connected to the network and has an infrastructure role within the network. The Target Of Evaluation (TOE) may be standalone or distributed, where a distributed TOE is one that requires multiple distinct components to operate as a logical whole in order to fulfill the requirements of this cPP.”
As companies transition to the new NDcPP, the old version has been set to sunset on 2017-11-05. It would be wise for companies to adjust their certification strategies in anticipation of this move. More information on the new Protection Profile can be found here.
As you begin to investigate your Common Criteria evaluation options, visit the NIAP site for a full list of all approved Protection Profiles. If you need help determining which PP is right for you or need guidance on determining a path to certification Contact Corsec.
Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements. – Subscribe