Attention: the NIAPC web site may not include all approved products.The list of approved products is always changing; there is a backlog of approved products still to be added to this information portal, and there are delays in responding to queries and inclusion of new products. NATO is reviewing options to improve collaboration and provide more timely information sharing of approved security products.

NIAPC > Security Mechanism Groups

NATO is employing a risk assessment based implementation of security countermeasures in projects.
 
The NATO Security Countermeasure Library is a low level list of security countermeasures. These countermeasures have been mapped into Security Mechanisms.

The list of Security Mechanisms have been grouped into Security Mechanism Groups.

The Security Mechanism Groups have been mapped against the NIAPC Categories. This has been done to identify security enforcing products supporting the Security Mechanism Group and providing the security countermeasures.
 
A Risk Assessment of a project will produce a Risk Assessment Report which list the applicability of Security Countermeasures, this will be shown as applicable security mechanisms including their required strength of mechanism.
 
Through the mapping done in the NIAPC, the selection of security enforcing products for a project can now be directly linked to the outcome of the risk assessment for the project. It will also provide direct traceability of an implemented security enforcing products through the security mechanisms to the threat which they are associated with.
 
Security mechanism  Group   (SG) Security mechanism Group (SG) Name SM # Security Mechanism (SM) Name
SG01  Malware Protection SM01a  Malware Protection for Server (e.g. AV for servers)
SM01b  Malware Protection for Application Server (e.g. SharePoint, etc)
SM01c  Malware Protection for Multifunction Printing (MFP) device
SM01d  Malware Protection for Server Database
SM02  Malware Protection for Client (e.g. AV for clients)
SM02b  Second but different Malware Protection for Client (e.g. AV for clients)
SM03  Malware Protection for handheld devices (e.g. smartphones) 
SM04  Malware Protection for Email server (e.g. AV for e-mail services)
SM05  Malware Protection for Web server (e.g. AV for Web Services)
SM08  HTTP AV Proxy
SM09  FTP AV Proxy
SG02  Boundary Protection Devices and Systems(Content Check, Proxy and Firewall) SM06  Messaging Content Filtering (MCF)
SM07a  Web Content Filtering (WCF) - Categorization
SM07b  Web Content Filtering (WCF) - Content Inspection
SM07c  Web Content Filtering (WCF) - SSL Intercept
SM14  Firewall (FW) for Outer Perimeter/ Border Protection
SM15  Firewall (FW) for Inner Perimeter
SM18  IP Filtering & Management
SM19  Network/Port Address Translation (NAT/PAT)
SM20  (Web) Application Firewall and other proxy/reverse proxy
SM23  Voice over Internet Protocol (VoIP) protection
SM24  Wireless Network Protection (and Jamming)
SM31  Logical Security Zones
SM34  Information Protection Control (IPC) - Classification/Marking
SM35  Information Protection Control (IPC) - Data Loss/Leak Prevention (DLP)
SM39  Development/Test/Pre-production Environments
SM56  Data diode
SG03  Integrity Check SM10  Integrity Checker
SM55  Data processing
SG04  Cryptography SM11  SSL (TLS) and SSH
SM29  Cryptographic security (e.g. Encryption / Decryption)
SM46  Data Scramble
SG05  Identity Management and Access Protection SM12  Strong Authentication (User Token)
SM13  Enterprise Single Sign-On/Off (ESSO)
SM16N  Intrusion Detection and Prevention System (IDS/IPS) - Network (N) Based
SM16H  Intrusion Detection and Prevention System (IDS/IPS) - Host (H) Based
SM17  Network Access Control (NAC) /  Network Access Protection (NAP) and  Network Access Quarantine (NAQ)
SM23  Voice over Internet Protocol (VoIP) protection
SM24  Wireless Network Protection (and Jamming)
SM30a  NPKI - User certificate
SM30b  NPKI - Device certificate
SM39  Development/Test/Pre-production Environments
SM41  CAPTCHA (and its alternatives)
SM42  Identity & Access Management (IAM or IdM)
SM48  Password Management
SM49  Identity & Authentication, Access Control (IAAC)
SG06  Monitoring, Logging and Auditing SM21  System and Security Logging & Auditing - Infrastructure and Servers
SM21b  System and Security Logging & Auditing - Applications
SM27  Network Management System (NMS) / Systems Management System (SMS) 
SM28  IT Forensic and Incident Handling
SM47  Data Safeguarding (e.g. DAM, FSAM)
SG07  Storage and Digital Preservation SM25  Storage Compartmented Security Mode (SCSM)
SM26  Backup, Recovery and Contingency planning
SM45  Storage Areas security
SG08  Interruptibility and Availability SM26  Backup, Recovery and Contingency planning
SM33  Load Balancing (LB) / Failover (FO)
SM38  Quality of Service (QoS)
SM50  Protection against (D)DoS
SG09  Compliance and Configuration Control      (incl. Documentation) SM22  Hardening of Network Devices
SM27  Network Management System (NMS) / Systems Management System (SMS) 
SM32  Policies, directives, guidance and procedures
SM36  Vulnerability Scanning & Compliancy Check
SM37  OS security settings
SM40  Configuration Management
SM43  Management of the Security Mechanisms
SM44  Time Synchronization (e.g. NTP)
SG10  Security Service Orchestration SM43  Management of the Security Mechanisms
SM49  Identity & Authentication, Access Control (IAAC)
SG11  Physical security SM51  Physical security
SM54  Emission security
SG12  Personnel security SM52  Personnel security
SG13  Environmental security SM53  Environmental security
 

 

Please enter a search term !