Understanding NVLAP Common Criteria Testing

Government agencies (and their vendors and partners) are increasingly entrusted with sensitive data. Accordingly, protecting critical infrastructure and cybersecurity are both top priorities. The tools they use must come from time-tested and verified protocols to ensure they are secure and not tampered with. In turn, this means that these tools must come from labs that follow the strictest of requirements. 

NVLAP Common Criteria certification serves as a valuable tool for governments to evaluate the security capabilities of IT products and systems before procurement.

 

What is the NVLAP Common Criteria Accreditation Process?

The accreditation process outlined in the 2014 edition of NIST Handbook 150-20 for laboratories is structured to ensure thorough evaluation and consistent quality standards. The goal is for these labs to reach a standardized approach to maintaining critical quality and security standards, an approach that they can document and prove to assessment organizations.

The general breakdown of this process, per Handbook 150-20, includes the following steps:

Alongside this process, a lab may lose accreditation. If key personnel or facilities leave the lab or don’t demonstrate continued competence, the NIAP evaluators may decide to suspend or revoke accreditation.

 

What Are the Management Requirements for Accreditation? 

Handbook 150-20 outlines specific management requirements for laboratories to achieve and maintain accreditation under the NVLAP Common Criteria framework. 

These requirements ensure accredited laboratories operate under a defined quality management system supporting consistent and reliable testing outcomes. 

The managerial requirements for labs include:

The details of these requirements are more involved than we can reasonably cover here, so review the handbook to determine specifics for your organization.

What Are the Technical Requirements for Accreditation?

The technical requirements for accreditation are designed to ensure that laboratories can perform high-quality, secure, and reliable IT security evaluations. These differ from the managerial requirements in that they focus on implementing systems used to perform and validate tests, report on results, and support ongoing validation and audits.

These requirements include:

 

Trust Lazarus Alliance for NVLAP Common Criteria Assessment Preparation

If you’re looking to start or maintain your lab certification, contact Lazarus Alliance.
