NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - Intrusion Detection System Analyzer Protection Profile, Version 1.2

Short Name: pp_ids_ana_v1.2

Technology Type: Wireless Monitoring

CC Version: 2.x

Date: 2005.04.27

Preceded By: pp_ids_ana_v1.1

Succeeded By: pp_ids_ana_br_v1.3

Sunset Date: 2008.03.21 [Sunset Icon]

Conformance Claim: EAL2

Protection Profile [PDF]

Validation Report [PDF]



Herewith a brief summary, sufficiently detailed to enable a potential user to determine whether the PP is of interest. This PP version contains the same information as version 1.1. However, an Errata sheet section has been added to clarify some of the security functional requirements that do not support the stated applicability.

The Common Criteria (CC) Intrusion Detection System Analyzer Protection Profile (IDSAPP_V1.1) specifies a set of security functional and assurance requirements for Information Technology (IT) products. An Intrusion Detection system (IDS) monitors an IT System for activity that may inappropriately affect the IT System's assets. An IT System may range from a computer system to a computer network. An IDS consists of Sensors, Scanners and Analyzers. Sensors and Scanners collect information regarding IT System activity and vulnerabilities, and they forward the collected information to Analyzers. Analyzers perform intrusion analysis and reporting of the collected information.

IDSAPP_V1.2-conformant products support the ability to receive IDS Sensor or Scanner data and then apply analytical processes and information to derive conclusions about intrusions. IDSAPP_V.1.1-conformant products also provide the ability to protect themselves and their associated data from unauthorized access or modification and ensure accountability for authorized actions.

The IDSAPP_V1.2 provides for a level of protection which is appropriate for IT environments that require detection of malicious and inadvertent attempts to gain inappropriate access to IT resources, where the IDS can be appropriately protected from hostile attacks. Though products that are IDSAPP_V1.2-conformant can be used to derive analytical conclusions about a system or network in a hostile environment, they are not designed to resist direct, hostile attacks. The IDSAPP does not fully address the threats posed by malicious administrative or system development personnel. This profile is also not intended to result in products that are foolproof and able to identify intrusion attempts by hostile and well-funded attackers. IDSAPP_V1.1-conformant products are suitable for use in both commercial and government environments.

The IDSAPP_V1.2 was constructed to provide a target and metric for the development of Analyzers. This protection profile identifies security functions and assurances that represent the lowest common set of requirements that should be addressed by a useful Analyzer product.

The IDSAPP_V1.2 is generally applicable to products regardless of whether they are embedded, stand-alone, centralized, or distributed. However, it addresses only security requirements and not any special considerations of any particular product design.

It should be noted that just because an Analyzer may be conformant with this Protection Profile, that Analyzer should not be assumed to be interoperable with any other IDS component evaluated against a protection profile in the Intrusion Detection System family of Protection Profiles. There are no requirements for interoperability within the Protection Profiles.

Errata Section addition: As stated above, the Intrusion Detection System (Analyzer) Protection Profile is intended to be generally applicable to products regardless of whether they are embedded, stand-alone, centralized, or distributed. However, based upon the results of numerous products trying to claim conformance to this PP, it was noted that several of the security functional requirements do not support the stated applicability. The Errata Section identifies the areas that have been identified as problematic for software vendors who are seeking conformance to this PP and clarifies the security function requirements in a manner that would allow a vendor to successfully achieve compliance. Software vendors who follow the guidance in this Errata Section will be able to successfully claim conformance to this PP, effective immediately.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home