• NIAP
  Home
•  
  Evolution
  • Evolution FAQs
  • NIAP Goals
  • NIAP Policies/Procedures
  • Technical Communities
  • Commercial Solutions for Classified Programs
• CCEVS
  Big Picture
  • CCEVS Objectives
  • CC Testing Labs (CCTL)
  • Candidate CCTLs
  • CCEVS Interpretations
  • CCEVS Validation Body
  • CCRA and Partners
  • Defining the CCEVS
  • Events
  • Guidance to Consumers
  • Historical Perspective
  • Terms & Acronyms
•  
  Announcements
  • NIAP Announcements
  • Evolution Announcements
  • Partner Announcements
  • Director’s Corner Archive
• CCEVS
  Products
  • Product Compliant List
  • Products in Evaluation
  • Archived Product Compliance List
• Documents
  & Guidance
  • CC/CEM Documentation
  • Consistency Instruction Manuals
  • FAQs
  • Forms & Templates
  • LabGrams
  • PP Development Process
  • Scheme Policy Letters
  • Scheme Publications
  • VOR Schedule
• Useful
  Links
  • Common Criteria Portal
  • International Interps Database
  • National Institute of Standards & Technology
  • National Security Agency
  • NIST Computer Security Resource Center
  • NVLAP Lab Accreditations
  • Precedent Database
  • Public Interps Database
  • TTAP
• Protection
  Profiles
  • NIAP Approved Protection Profiles
  • Protection Profiles in Development
  • Archived Protection Profiles
• Contact
  Us
• NIAP
  Community

SITE INDEX  » pp  » pp

Archived U.S. Government Approved Protection Profile - U.S. Government Virtual Private Network Boundary Gateway for Medium Robustness Environments, Version 1.2

Short Name: pp_vpn_mr_v1.2

Technology Type: VPN

CC Version: 3.1

Date: 30 January 2009

Preceded By: pp_vpn_mr_v1.1

Sunset Date: 01 October 2009

Conformance Claim: Medium Robustness

Please note: This serves as an addendum to the VR for the Original Evaluated PP

 

PP OVERVIEW

The US Government Virtual Private Network (VPN) Boundary Gateway Protection Profile (PP) for Medium Robustness Environments was generated under the Enclave Boundary Security Technologies and Solutions (EBST&S) Support Program, sponsored by the National Security Agency (NSA). This PP is intended to be used as follows:

• For product vendors and security product evaluators, this PP defines the requirements that must be addressed by specific products as documented in vendor Security Targets (STs).
• For system integrators, this PP is useful in identifying areas that need to be addressed to provide secure system solutions. By matching the PP with available STs, security gaps may be identified and products or procedures may be configured to bridge these gaps.

This PP specifies the minimum-security requirements for VPN devices (hereafter referred to as the Target of Evaluation (TOE)) used by the Department of Defense (DoD) in Medium Robustness Environments. The target robustness level of "medium" is specified in discussed in section 3.0 of this PP.

The TOE may consist of one or more devices that act as part of an organization's overall security defense by encrypting traffic flowing between enclaves that are geographically separated. If the security policy specifies encryption, the TOE automatically encrypts all outgoing traffic from the enclave when it is destined for another enclave having the same security policy. If the security policy does not specify encryption, all outgoing traffic will be sent unencrypted. The TOE decrypts incoming traffic to the enclave when that traffic has been encrypted at the originating enclave.

The TOE supports identification and authentication for the administrative roles (I&A). The TOE shall generate audit data of security relevant events and will meet the medium assurance requirements as described in section 5.3 of this PP.

This PP defines:

• assumptions about the security aspects of the environment in which the TOE will be used;
• threats that are to be addressed by the TOE;
• security objectives of the TOE and its environment;
• functional and assurance requirements to meet those security objectives; and

rationale demonstrating how the requirements meet the security objectives

ENVIRONMENTAL STRENGTHS

The evaluation of the US Government Virtual Private Network (VPN) Boundary Gateway Protection Profile (PP) for Medium Robustness Environments, Version 1.1 provides specification for environments in which TOEs with various levels of robustness are appropriate to meet Medium Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.

ASSURANCE MAINTENANCE

January 30, 2009

Assurance maintenance has been performed on this protection profile to update it to version 1.2. The changes reflected updates to cryptographic portion of the protection profile that were necessary based on comments from the CCTL and by the government cryptographic organization.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products