We took a strategic decision early on at Lightship Security to focus our initial Greenlight development efforts on automating the tests specified by the Network Device collaborative Protection Profile (NDcPP). There are two main reasons for this:
- It is the most widely used Common Criteria Protection Profile in North America (given its generic applicability)
- It is the forerunner for most NIAP Approved Protection Profiles which re-use a large portion of the NDcPP Security Functional Requirements (SFRs)
Now, we have automated the testing not only for NDcPP but also several other Protection Profiles by virtue of this SFR re-use. Below we present an analysis of the re-use of NDcPP requirements across NIAP Approved Protection Profiles (all but a few).