U.S. Government Approved Protection Profile - Security Requirements for Network Devices

Short Name: pp_nd_v1.0
Technology Type: Network Devices
CC Version: 3.1
Date: 10 December 2010
Conformance Claim: US Standard - EAL1

PP OVERVIEW

This Protection Profile (PP), “U.S. Government Approved Protection Profile - Security Requirements for Network Devices,” describing security requirements for a Network Device (defined to be an infrastructure device (as opposed to an end-user device) that can be connected to a network), is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well-defined and well-described threats. It represents an evolution of “traditional” Protection Profiles and the associated evaluation of the requirements contained within the document. This introduction will describe the features of a compliant TOE, and will also discuss the evolutionary aspects of the PP as a guide to readers of the document.

SECURITY EVALUATION SUMMARY

This Protection Profile (PP), describing security requirements for a Network Device (defined to be an infrastructure device (as opposed to an end-user device) that can be connected to a network), is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well-defined and well-described threats. It represents an evolution of “traditional” Protection Profiles and the associated evaluation of the requirements contained within the document. Compliant TOEs will provide security functionality that addresses threats to the TOE and implements policies that are imposed by law or regulation. Compliant TOEs must protect communications to and between elements of a distributed TOE (e.g., between a network IDS sensor and the centralized IDS manager) or instantiations of the TOE in a single enterprise (e.g., between routers). The TOE must offer identification and authentication services that support the composition of moderately complex passwords or passphrases, and make these services available locally (that is, a local logon) as well as remotely (remote login).
The TOE must also offer auditing of a set of events that are associated with security-relevant activity on the TOE, although these events will be stored on a device that is distinct from the TOE. The TOE must offer some protection for common network denial of service attacks and some separation of administrative roles. The TOE must also provide the ability to verify the source of updates to the TOE.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products.

Please forward any questions or comments to pp-comments@niap-ccevs.org