Verification of Cryptographic Security Functionality in NIAP CCEVS (M23a)
NIAP-approved Protection Profiles specify assurance activities intended to verify cryptographic security functionality. This presentation will provide details of NIAP’s collaboration with TCs, iTCs, the CCDB Crypto Working Group, and the National Institute of Standards and Technology (NIST) to develop assurance activities for cryptographic SFRs which allows CC labs to leverage NIST algorithm testing for improved consistency and elimination of redundant testing. NIAP’s requirements for cryptographic evaluations in the US Common Criteria scheme, specifically NIAP Policy #5, which mandates NIST CAVP to satisfy PP cryptographic security functionality requirements, will also be discussed. Detailed examples for the verification and reporting of how NIST testing activities fully satisfy specific PP security functional requirements will be presented.