Attention: the NIAPC web site may not include all approved products.The list of approved products is always changing; there is a backlog of approved products still to be added to this information portal, and there are delays in responding to queries and inclusion of new products. NATO is reviewing options to improve collaboration and provide more timely information sharing of approved security products.

Introduction

All vendor communication is to be directed to the group mailbox: [email protected]

PURPOSE

The NATO Information Assurance Product Catalogue (NIAPC), established under Technical & Implementation Directives: AC/322-D(2010)0042 and AC/322-D(2019)0041-REV1, provides NATO nations, and NATO civil and military bodies with a catalogue of Information Assurance (IA) products, Protection Profiles and Packages that are in use or available for procurement to meet NATO's operational requirements.

SCOPE

The NIAPC is maintained for Security Accreditation Authorities, CIS Planning and Implementation Authorities, CIS Providers, security and system management staffs, project staffs, host nations, and procurement authorities.

It is the central register of Security Enforcing Products (SEP) to support NATO IA requirements and associated activities to bring new systems, solutions and commercial security products into use when handling NATO information.

A Security Enforcing Product (SEP) is a hardware or software component which, when deployed in an on-premises environment, provides one or more security functionalities to fulfil the intended security objectives. Amongst SEPs, there are four categories (Operating System, Boundary Protection, TEMPEST, and Cryptographic Equipment) that require a specific evaluation and approval by the National CIS Security Authority (NCSA) of a NATO Nation Submissions of Security Enforcing Products to the NIAPC are required to have supporting assurance information from a NATO-Nation National Authority.

The term ‘product’ is used here in its widest sense since security enforcing functionality may be part of a service (e.g. a cloud service) or a combination of hardware/ software products and an associated service (e.g. product updates). The key requirement for inclusion in the catalogue are that the product provides security enforcement functions that meet and/or are compatible with relevant NATO policies.

RESPONSIBILITIES

The NATO Cyber Security Centre is responsible for the day to day management of the NATO Information Assurance Product Catalogue (NIAPC). NATO nations with approved or endorsed IA products, Protection Profiles or Packages are responsible for, and are strongly encouraged to provide the required support for the listings; national input should be provided at least annually.

NATO Nation Vendor
• Request products for inclusion or update in the NIAPC
• Request products for withdrawal from the NIAPC
• Provide information as required
• Support clarification exchanges as required
• Keep information up to date by review (at least annually with endorsement by NCSA)
NATO Nations (via NCSA)
• Endorse products for inclusion in the NIAPC
• Provide Requirements or Requirements Profiles, if seen essential and eligible for a listing in the NIAPC together with endorsed products.
• Withdraw endorsements where necessary
• Provide information as required
• Support clarification exchanges as required
• Keep information up to date by review (at least annually)
• Take part in pre-expiry discussions as required
NIAPC Provider
• Operate process as in documented in AC/322-D(2019)0041-REV1
• Receive and validate addition, update and removal requests from NATO Nation vendor or NCSA
• Liaise with NATO staff when Military Committee (MC) approval is needed
• Liaise with NCSA and vendor on information on text, pictures, product sheets and certifications for listings in the NIAPC.
• Liaise with NCSA on clarification exchanges as needed for the different processes
• Liaise with NCSA and NATO Staff on pre-expiration notifications
NATO (Digital) Staff
• Operate MC Approval/Withdrawal process where required
• Liaise with NIAPC provider regarding pre-expiration warnings.

MAINTENANCE & NATIONAL SECURITY AUTHORITIES

The NIAPC is the central reference list that facilitates already approved items of NATO IA Products, Protection Profiles and Packages and is updated and maintained by the NATO Cyber Security Centre staffs.

The NIAPC will be constantly updated based on input received and annually reviewed to ensure currency is maintained.

Submissions to the NIAPC, where evaluation is not carried out by the NATO Evaluation Authority (SECAN), are to be supported by a National Security Authority, or National Certification Authority, as provided here.

 
Home
NCIA
NIAPC
NCIRC
Build Version / NIAPC-30-OCT-2025 /
Please enter a search term !