The aim of the list of IA Security Products is to provide security approval authorities (for example, Security Accreditation Authorities), CIS Operating Authorities, CIS planners and implementers, project staffs, and users in NATO Member Nations, NATO civil and military bodies a baseline of information with respect to available evaluated and certified/validated IA security products which can be used as guidance for meeting NATO security requirements in CIS.
Products listed in the NIAPC shall be in receipt of a recognised NATO, national or international evaluation or certification. In instances where this is other than Common Criteria then the product must be in receipt of a finalized national evaluation and approval by a NATO National Communications Security Authority. Where a national or international equivalent is applicable, the appropriate National Security Authority shall make, as part of the submission, a statement with respect to the equivalence of the evaluation to the Common Criteria.
For Common Criteria evaluated and certified products, only products sponsored within a NATO member nation and considered suitable for use within that nation for protection of national information shall be listed in the NIAPC.
The following caveat shall be included as a preface to the IA Security products listed on the NATO Information Assurance Product Catalogue (NIAPC): “Users of the Product, Protection Profile and Package list must understand that choosing a system or product from the list of IT Security products does not guarantee an overall secure system/network. There is no guarantee that such systems or products will have compatibility or interoperability”.
The List of IA Security Products shall be updated and maintained by the NCI Agency Cyber Security on behalf of the NHQC3S based on input provided by a NATO National Communication Security Authority or a recognized NATO or National Certification/Validation Authorities (i.e. SECAN, EUSEC). See the Update and Maintenance Section for further details on the update and maintenance of the NATO Information Assurance Product Catalogue (NIAPC)