Lachlan Turner | Lightship Security

What does the new version of the CC mean for me?

Lachlan Turner June 28, 2023 Common Criteria

Short answer: probably not much! For most vendors and users of the CC, things will roll on normally. It will be the national certification schemes, labs and technical communities that must adjust. Long answer: there are some aspects and circumstances …

What’s the Deal With NDcPP 3.0?

Lachlan Turner December 12, 2022 Common Criteria

This post aims to answer the most common questions we get about NDcPP 3.0:

The Role of Cryptographic Algorithm Validations in Common Criteria (CAVP FAQ)

Lachlan Turner February 8, 2021 ACVP, Certifications, Common Criteria, FIPS 140-2, FIPS 140-3

[Updated July 6, 2021 – NIAP requires exact match CPU specs in CAVP certificates] Most CC evaluations performed in North America include cryptographic security claims called out in the target Protection Profile (PP) that is being used. Those requirements are …

What’s New in NDcPP v2.2?

Lachlan Turner February 5, 2020 Certifications, Common Criteria

The Network Device international Technical Community recently (in December 2019) published version 2.2 of the collaborative Protection Profile for Network Devices – aka – NDcPP. The NDcPP is the most often used Common Criteria Protection Profile to achieve listing on …

NIAP Requests for a Mitigation Plan

Lachlan Turner December 11, 2019 Certifications, Common Criteria

Vendors with products on NIAP’s Common Criteria Product Compliant List (PCL) may from time-to-time receive a request from NIAP for a mitigation plan addressing a given widespread vulnerability (e.g. Meltdown, Spectre etc.). This is in keeping with NIAP Policy 17 …

Canada Open for EAL4

Lachlan Turner October 17, 2019 Certifications, Common Criteria, Lightship News

The Canadian Centre for Cyber Security recently released its updated Common Criteria (CC) Program Instructions which state that they will consider accepting EAL3 and EAL4 evaluations on a case by case basis. Evaluations were previously restricted to those claiming an …

NDcPP v2.1 endorsed by NIAP but which TDs apply?

Lachlan Turner March 12, 2019 Certifications, Common Criteria

[March 14, 2019 update] The NIAP list of TDs is now up to date with NDcPP v2.1 attribution. NIAP announced their endorsement today of version 2.1 of the Network Device collaborative Protection Profile. We’ve previously described the changes in NDcPP v2.1. …

What’s changed since NDcPP v1.0?

Lachlan Turner February 8, 2019 Certifications, Common Criteria

[March 12, 2019 Update] NDcPPv2.1 has been formally endorsed by NIAP. There are 41 products listed on the NIAP PCL that are compliant with the collaborative Protection Profile for Network Devices (NDcPP) v1.0. These PCL listings will all expire within the next …

The Mother of All NIAP Protection Profiles – NDcPP

Lachlan Turner November 29, 2018 Certifications, Common Criteria

We took a strategic decision early on at Lightship Security to focus our initial Greenlight development efforts on automating the tests specified by the Network Device collaborative Protection Profile (NDcPP). There are two main reasons for this: It is the …

Notable NDcPPv2.1 Changes (from v2.0e)

Lachlan Turner October 3, 2018 Certifications, Common Criteria

[March 12, 2019 Update] NDcPPv2.1 has been formally endorsed by NIAP. NDcPPv2.1 is hot off the presses from the Network iTC. It is yet to be officially accepted by NIAP for PCL usage however this is probably not too far off, …