Common Criteria Updates: Protection Profiles & Re-Evaluations

Full Drive Encryption v2.0 Collaborative Protection Profiles (FDE cPP) Published

The Full Drive Encryption (FDE) international Technical Community (iTC) has published version 2.0 of the FDE Encryption Engine (EE) and FDE Authorization Acquisition (AA) cPPs and Supporting Documents. For more information please visit the cPP and iTC pages.

NIAP Guidance Update

NIAP updated the Guidance for the Common Criteria Assurance Continuity (AC) and Re-evaluation process in order to reflect the current evaluation paradigm i.e., PP-based evaluations and PCL listing.

Key Takeaways:

  1. The process and requirements used to determine if a certification must go through an Assurance Continuity versus a full Re-evaluation remains unchanged.
  2. Included with the Initial Assessment Review (IAR) submission must be a Security Target (ST) with “tracked changes”.
  3. Additional guidance on Sunset Protection Profiles has been established, citing that NIAP will determine if a product is eligible for Assurance Maintenance  against an already sunset Protection Profile.

For complete information, please see the official release.