NIAP Certification Becoming a Priority

Because government agencies are beginning to purchase only NIAP-certified products, companies such as SuSE and Lancope are seeking certification, which validates the security and reliability of products.

The government's plan to pressure software vendors to build more secure products seems to be gathering a bit of momentum. A major part of the National Strategy to Secure Cyberspace, the idea involves using market pressures and the government's purchasing power to influence vendors' development practices.

An important component of this plan is the National Information Assurance Partnership's Common Criteria testing program, which validates the security and reliability of a given product. The program is a partnership between the National Security Agency and the National Institute of Standards and Technology. NIAP has been around for a while, but until some government agencies began purchasing only NIAP-certified products whenever possible, it hadn't been a priority for many vendors.

But that may be changing. On Tuesday, SuSE Linux AG and IBM announced that SuSE's flagship Enterprise Server 8.0 running on an IBM eServer xSeries box had received the Common Criteria certification. This is a first for the open-source operating system, which has attracted both criticism and praise from the security community. The certification is seen as an important step in Linux's continued penetration of the government market.


And on Wednesday, Lancope Inc. said that it has submitted its StealthWatch IDS system for Common Criteria certification. Science Applications International Corp. will perform the evaluation in its Common Criteria Testing Laboratory. SAIC's facility is one of a handful of private labs authorized to do these evaluations.

Currently, Intrusion Inc.'s SecureNet Pro is the only IDS product to achieve Common Criteria certification.