PP Overview
This Firewall with Virtual Private Network (VPN) Boundary Gateway Protection Profile (PP) for Medium Robustness Environments was generated under the Network Boundary Information Assurance Technologies and Solutions Support (NBIAT&S) Program, sponsored by the National Security Agency (NSA). This Protection Profile is intended to be used as follows:
For product vendors and security product evaluators, this PP defines the requirements that must be addressed by specific products as documented in vendor Security Targets (STs).
For system integrators, this PP is useful in identifying areas that need to be addressed to provide secure system solutions. By matching the PP with available STs, security gaps may be identified and products or procedures may be configured to bridge these gaps.
This PP specifies the minimum security requirements for network boundary devices that provide controlled connectivity between two or more network environments (hereafter referred to as the Target of Evaluation (TOE)) used by the Department of Defense (DoD) in Medium Robustness Environments. The TOE may be a dedicated device such as a firewall, or an enhancement to some other network device such as a router. The target robustness level of "medium" is specified in the Guidance and Policy for the Department of Defense Global Information Grid Information Assurance (GIG) [2] and is further discussed in Section 3.0 of this PP.
The TOE may consist of one or more devices that act as part of an organization's overall security defense by encrypting traffic flowing between enclaves that are geographically separated. If the security policy specifies encryption, the TOE automatically encrypts all outgoing traffic from the enclave when it is destined for another enclave having the same security policy. If the security policy does not specify encryption, all outgoing traffic is sent unencrypted. The TOE decrypts incoming traffic to the enclave when that traffic was encrypted at the originating enclave.
The TOE supports user identification and authentication (I&A) where "user" is defined to be a human user acting in a role (i.e., Security Administrator, Cryptographic Administrator, and Audit Administrator) or an authorized IT entity. The TOE provides the capability to pass and block information flows based on a set of rules defined by the Security Administrator. Additionally, the TOE enforces security policies which restrict host-to-host connections to common Internet services such as: Telnet, File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP). The TOE supports encryption for remote administration, remote users and authorized IT entities (e.g., certificate server, NTP server), and generates audit data of security relevant events. The TOE supports IPSEC encryption using the ESP in tunnel mode for all traffic between itself and any peer TOE for which IPSEC encryption is specified in the information flow policy.
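The two paragraphs above describe a decision the TOE makes per flow: first, does a Security Administrator rule pass or block the connection (with common services such as Telnet, FTP, HTTP and SMTP identified by port), and second, if it passes, must it be sent through the IPsec ESP tunnel because the source enclave's policy specifies encryption and the peer enclave shares that policy. The following Python is an added illustration of that logic, not code from the PP or from any evaluated product. The enclave table, rule set, first-match-then-default-deny semantics, and the choice to block (fail closed) a flow that requires encryption but whose peer does not share the policy are all constructed assumptions for this example.

```python
"""Constructed flow-policy evaluator illustrating the PP overview (added example)."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample enclave table (assumption, not from the PP). "encrypt"
# records whether the enclave's security policy specifies encryption for
# traffic to peer enclaves that carry the same policy identifier.
ENCLAVES = {
    "enclave-a": {"policy": "pol-1", "encrypt": True},
    "enclave-b": {"policy": "pol-1", "encrypt": True},
    "enclave-c": {"policy": "pol-2", "encrypt": False},
}

# Well-known ports for the services the PP names; anything else is "other".
SERVICE_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http"}


@dataclass(frozen=True)
class Rule:
    action: str    # "pass" or "block"
    src: str       # source enclave id, or "*" for any
    dst: str       # destination enclave id, or "*" for any
    service: str   # "ftp", "telnet", "smtp", "http", "other", or "*" for any


@dataclass(frozen=True)
class Flow:
    src_enclave: str
    dst_enclave: str
    dst_port: int


@dataclass(frozen=True)
class Decision:
    action: str                  # "pass" or "block"
    matched_rule: Optional[int]  # index of first matching rule; None = default deny
    encrypt: bool                # True when the flow must go through the ESP tunnel
    reason: str


def classify_service(dst_port: int) -> str:
    """Map a destination port to one of the PP's named services."""
    return SERVICE_PORTS.get(dst_port, "other")


def _matches(rule: Rule, flow: Flow, service: str) -> bool:
    return (rule.src in ("*", flow.src_enclave)
            and rule.dst in ("*", flow.dst_enclave)
            and rule.service in ("*", service))


def evaluate(rules: List[Rule], flow: Flow) -> Decision:
    """Apply the Security Administrator's rules, then the encryption policy."""
    service = classify_service(flow.dst_port)
    # First-match semantics; no matching rule means default deny (assumption).
    idx = next((i for i, r in enumerate(rules) if _matches(r, flow, service)), None)
    if idx is None:
        return Decision("block", None, False, "no matching rule (default deny)")
    if rules[idx].action != "pass":
        return Decision("block", idx, False, "explicit block rule")

    src = ENCLAVES.get(flow.src_enclave)
    dst = ENCLAVES.get(flow.dst_enclave)
    if src is None or dst is None:
        return Decision("block", idx, False, "unknown enclave")

    if not src["encrypt"]:
        # Policy does not specify encryption: traffic is forwarded in the clear.
        return Decision("pass", idx, False, "policy does not specify encryption")
    if src["policy"] == dst["policy"]:
        # Same security policy at both enclaves: encrypt via the ESP tunnel.
        return Decision("pass", idx, True, "same policy: encrypt via ESP tunnel")
    # Assumption: a flow that must be encrypted but has no peer sharing the
    # policy is blocked rather than sent unencrypted (fail closed).
    return Decision("block", idx, False, "encryption required but peer policy differs")


# Constructed rule set for the demonstration (assumption).
RULES = [
    Rule("block", "*", "*", "telnet"),
    Rule("pass", "enclave-a", "enclave-b", "http"),
    Rule("pass", "enclave-a", "enclave-c", "smtp"),
    Rule("pass", "enclave-c", "enclave-a", "smtp"),
    Rule("pass", "*", "enclave-a", "ftp"),
]

if __name__ == "__main__":
    for f in (Flow("enclave-a", "enclave-b", 80), Flow("enclave-a", "enclave-b", 23),
              Flow("enclave-a", "enclave-c", 25), Flow("enclave-c", "enclave-a", 25),
              Flow("enclave-b", "enclave-a", 80), Flow("enclave-x", "enclave-a", 21)):
        print(f, "->", evaluate(RULES, f))
```

The order of checks matters: the rule base decides pass or block before the encryption policy is consulted, so an explicit block rule is never overridden by a tunnel being available, and an unmatched flow is dropped rather than forwarded.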
The assurance requirements were originally based upon Evaluation Assurance Level (EAL) 4. In order to gain the necessary level of assurance for medium robustness environments, explicit requirements have been created for some families in the ADV class, both to remove ambiguity in the existing ADV requirements and to provide greater assurance than that associated with EAL4. The assurance requirements are presented in Section 5.3.
This PP defines:
assumptions about the security aspects of the environment in which the TOE will be used;
threats that are to be addressed by the TOE;
security objectives of the TOE and its environment;
functional and assurance requirements to meet those security objectives; and
rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats.