What is the relationship of NIAPs CCEVS and NISTs Cryptographic Module Validation Program?
Both the Common Criteria Evaluation Validation Scheme (CCEVS) and the Cryptographic Module Validation Program (CMVP) are intended to evaluate the robustness levels provided by individual COTS IA products. While both programs are used to evaluate robustness levels with COTS IA and IA-enabled products, they each focus on different aspects of the product and use different criteria. The CMVP program provides customers with confidence that commercial cryptographic modules meet one of the four security specification levels documented in FIPS 140-2, Security Requirements for Cryptographic Modules, and that the FIPS-approved algorithms are properly implemented. Conversely, the CCEVS focuses more on confidence that the non-cryptographic security functions of an IA or IA-enabled IT product meets one of the seven robustness levels (i.e. EALs) documented in the CC. Products are encouraged to be evaluated under both programs if the product encompasses both cryptographic and non-cryptographic securi
Related Questions
- How can I find out what products have already been tested by NISTs FIPS 140 Cryptographic Module Validation Program (CMVP) or by the NIAP?
- What is the relationship between the Georgia Greenspace Program and the Chattahoochee greenspace program?
- What is the relationship of NIAPs CCEVS and NISTs Cryptographic Module Validation Program?
