DRAFT Protection Profile

U.S. Government Protection Profile Single Level Operating Systems for Medium Robustness Environments

   

Short Name: PP_SLOS-MR_V1.67

Technology Type: Operating System

Version: 1.67

Date: October 30, 2003

Conformance Claim: Medium

Protection Profile:

Validation Report: Not available

 

Related Profiles: None

Key Words: operating system, COTS, medium robustness, single-level, access control, discretionary access control, DAC, cryptography

Please forward any questions or comments to pp-comments@niap-ccevs.org

PP Overview

National Security Directive 42 delegates to NSA the authority to approve information technology products and cryptography implementations for use in protecting national security information. This “U.S. Government Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness” specifies security requirements for commercial-off-the-shelf (COTS) general-purpose operating systems in networked environments and uses Department of Defense (DoD) and National Information Assurance (IA) guidance and policies as a basis to establish the requirements for National Security Systems. Products meeting this protection profile become candidates for use in National Security Systems. However, compliance with this protection profile is not, by itself, sufficient. Compliance alone does not offer sufficient confidence that national security information is appropriately protected in the context of a larger system in which the TOE is integrated. Designers of such large systems must apply appropriate systems security engineering principles and defense-in-depth techniques to afford acceptable protection for national security information.

Conformant products support Identification and Authentication (I&A), Discretionary Access Control (DAC), an Audit Capability, and Cryptographic Services. These products provide adequate security services, mechanisms, and assurances to process unclassified information and are also candidates for processing national security information.

PP conformant systems are suitable for use in unclassified environments which process administrative, private, and sensitive/proprietary information and are candidates for classified environments that utilize appropriate systems engineering and defense-in-depth strategies. However, when an organization’s most sensitive/proprietary information is to be sent from the TOE to another system across a publicly accessible network, the organization should also apply additional protection at the network boundaries.
