The National Security Agency has partnered with government and industry for 25 years to secure commercial-off-the-shelf (COTS) technologies for National Security Systems (NSS) and the U.S. Military.
On July 6, 1998, NSA and the National Institute of Standards and Technology (NIST) outlined and signed the roles and responsibilities for the National Information Assurance Partnership (NIAP). Today, the partnership leverages industry labs combined with expertise from vendors and NSA subject matter experts to create protection profiles under a common criteria, which is now recognized across 31 countries.
NIAP was created to improve security of COTS technologies used across the U.S. and to expand the market for those products. By partnering with NIST and industry labs to conduct evaluations, the program provides security at scale for a quickly evolving technology market.
“Our mission means all NSS uses evaluated technologies, but it makes the world a more secure place. The mobile phone you are using has probably been NIAP certified. I’d like to say that about everything I use to protect the nation and my family,” said Jon Rolf, NIAP Director.
NIAP is responsible for the U.S. implementation of the common criteria, including management of the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) certification body. The testing program, managed by NIAP, ensures all evaluation methods and policies are transparent, achievable, and repeatable, and include testable requirements to create Protection Profiles.
Rolf says he “expects NIAP’s capabilities and success to continue for the next 25 years.”
In his ten years with the program, Rolf has seen the cyber threat landscape expand, raising the demand for evaluated products, which drive secure-by-design and secure-by-default products across industry. Under the National Cybersecurity Strategy, NIAP’s ability to shape the market will raise the security standards of new products and technologies.
As the program continues into its 25th year, NIAP will:
- Promote demand and investment in secure by design products
- Transition current evaluation and testing efforts from the government to private commercial labs
- Foster research and development in security tests, methods and metrics
The program now resides in NSA’s Cybersecurity Collaboration Center, which boosts NIAP’s abilities to partner with industry, to secure the Defense Industrial Base, influence and contribute to international standards, and improve commercial technology. This facility brings government and industry side-by-side in real time collaboration, matching the unclassified mission NIAP has supported for 25 years.
To partner with NIAP, or submit your products for evaluation, visit niap-ccevs.org.