PURPOSE
The NATO Information Assurance Product Catalogue (NIAPC) established under Directive
AC/322-D(2010)0042 (22-09-2010), provides NATO nations, and NATO civil and military bodies
with a catalogue of Information Assurance (IA) products, Protection Profiles and
Packages that are in use or available for procurement to meet operational requirements.
This INFOSEC Technical and Implementation Directive is published by the NATOC3 Board
in support of the NATO Information Management Policy (NIMP), NATO Security Policies
for the protection of classified and non-classified information, and the Primary
Directive on INFOSEC. It establishes the process and procedures for the establishment,
update and maintenance of the NATO Information Assurance Product Catalogue (NIAPC).
HOW TO USE THIS CATALOGUE
Product Evaluation Scheme
|
These will be special case products, that will require NIAPC authority for use, and will where appropriate include detailed operational constraints
|
|
Products under this evaluation scheme will have a national evaluation and may have some partial evaluation documentation, these will include products with releasability issues
|
|
Products under this evaluation scheme will have a full NATO evaluation with evaluation documentation set available, and NIAPC certification
|
Classifications
|
COSMIC TOP SECRET
|
Products in this category can be used on NATO systems handling data up to and including COSMIC TOP SECRET (CTS)
|
|
NATO SECRET
|
Products in this category can be used on NATO systems handling data up to and including NATO SECRET (NS)
|
|
MISSION SECRET
|
Products in this category can be used on NATO systems handling data up to and including MISSION SECRET (MS)
|
|
NATO CONFIDENTIAL
|
Products in this category can be used on NATO systems handling data up to and including NATO CONFIDENTIAL (NC)
|
|
NATO RESTRICTED
|
Products in this category can be used on NATO systems handling data up to and including NATO RESTRICTED (NR)
|
|
NATO UNCLASSIFIED
|
Products in this category can be used on NATO systems handling data up to and including NATO UNCLASSIFIED (NU)
|
SCOPE
This INFOSEC Directive is mandatory and binding upon the IA Branch of the NHQC3S,
SECAN, and NATO nations submitting IA products, Protection Profiles, or Packages
onto the NATO Information Assurance Product Catalogue (NIAPC). NATO nations submitting
IA products, Protection Profiles or Packages on the NATO Information Assurance Product
Catalogue (NIAPC) shall provide the required information on these products, Protection
Profiles or Packages when requested by the IA Branch of the NHQC3S and shall update
that information at regular intervals.
RESPONSIBILITIES
The IA Branch of the NHQC3S is responsible for ensuring the implementation of this
directive. The NATO IA Technical Centre (NIATC) is responsible for the day to day
management of the NATO Information Assurance Product Catalogue (NIAPC). NATO nations
with approved or endorsed IA products, Protection Profiles or Packages are responsible
for, and are strongly encouraged to provide the required information on these products,
Protection Profiles or Packages to the IA Branch of the NHQC3S and the NIATC for
inclusion into the NATO Information Assurance Product Catalogue (NIAPC). National
input should be provided at least annually. However, the NIAPC will be constantly
updated by NIATC based on input received.
BACKGROUND
NATO Security Policies, supporting directives and guidance documentation call for
the implementation of security measures and use of security products to protect
information processed, stored or transmitted (handled) in communication, information,
other electronic systems, and supporting system services and resources, against
loss of confidentiality, integrity or availability.
Project staffs involved in systems/equipment planning, selection and procurement
need to have access to information on the current and future availability of IA
products in order to realistically define how IA aspects can be met in systems handling
NATO information. Therefore, a definitive, current list of NATO IA Products, Protection
Profiles and Packages shall be formulated, updated and maintained.
NIAPC Functions
The central functions of the NIAPC are, therefore, as follows:
- The creation, maintenance and operation of the NIAPC is pursuant to this Directive.
- The NIAPC shall be the primary and preferred route to market for all IA products
for use within NATO
- Products listed in the NIAPC shall be selected on the basis of criteria and standards
as established and set by this directive
- Selection of products for inclusion in the NIAPC shall be such as to enable and
support compliance with NATO IA policies
- Procurement of products listed in the NIAPC shall be enabled using common processes
and procedures
- The NIAPC shall enable inclusion of IA products meeting the NIAPC criteria and standards
from all NATO member nations
- NATO nations with potentially suitable candidates for listing in the NIAPC are strongly
encouraged to sponsor inclusion in NIAPC
|