The mission statement and promise of Consumer Reports: Equip consumers with the "knowledge they need to make better and more informed choices." After testing and evaluating more than 3,000 products a year, the results of these impartial studies are then gathered, examined, and published to equip consumers with purchasing power for everyday items, big and small. But what about the cybersecurity marketplace? Where are the Amazon reviews for advanced cybersecurity needs?
Enter the National Information Assurance Partnership (NIAP). A U.S. Government initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers. NIAP is a collaboration between the National Institute of Standards Technology (NIST) and the National Security Agency (NSA) with the intent to provide neutral third-party security testing of cybersecurity products for use in both the private and public sectors. NIAP’s long term goal is to increase the level of trust consumers have in their IT systems and networks through the use of cost-effective security testing, evaluation, and assessment programs.
Because of the ever-changing online landscape, global standards for cybersecurity have to exist, and they are governed through the Common Criteria (CC). The CC is the driving force for the broadest range of mutually recognized secure IT products, and in having a CC stamp of approval, a product is ensured to have been evaluated by trusted and independent licensed laboratories earning the product a certificate recognized by over 30 countries. Any product that passes the initial validation is placed on the In-Evaluation list before being labeled as NIAP certified.
Seeing as NIAP certifications and granted by the NSA, it’s easy to assume that it’s designed to help those only in the procurement process of government agencies. While a NIAP certification does grant a product use in the government sector, that is not the only use. With so many private sector organizations in need of robust, portable security solutions, a NIAP certification is paramount in order to meet the CC’s criteria for operational and contractual purposes. In addition, some private organizations simply appreciate having high cybersecurity standards associated with the criteria. As the number of employees working remotely across all industries rises, so do the number of cyber attacks. Having a NIAP certification is one more way organizations can take ownership of their data and cybersecurity.