NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_dir_mr_v1.0

Technology Type: PKI/KMI

CC Version: 2.x

Date: 2004.09.17

Succeeded By: pp_dir_mr_v1.1

Sunset Date: 2008.03.21

Conformance Claim: Medium Robustness

Protection Profile 

Validation Report 

CC Certificate 

PP OVERVIEW

This PP specifies the minimum-security requirements for directories (i.e., the Target of Evaluation (TOE)) used by the Department of Defense (DoD) in Medium Robustness Environments. The directory provides controlled access to a repository of information (RI) for a single classification or marking, and is considered sufficient protection for environments where the likelihood of an attempted compromise is medium. The target robustness level of "medium" is specified in the Guidance and Policy for the Department of Defense Global Information Grid Information Assurance (GIG) and is further discussed in Section 3.0 of the PP. STs claiming compliance may consist of one or more devices, and, as a medium robustness TOE, must define its TOE to include all the components necessary to meet the security functional requirements, including the hardware.

The PP defines the requirements for a general-purpose directory that may be used in a variety of applications and systems, including Public Key Infrastructures (PKIs). The TOE for the directory includes security requirements for identification and authentication (I&A), access control, non-repudiation, audit, trusted channel/path, and TSF management, self-protection, and data availability. A cryptographic module is required for the security mechanisms that use encryption and digital signatures, e.g., trusted channel and I&A, respectively.

Relative to these requirements the PP includes:

• assumptions about the security aspects of the environment in which the TOE will be used;
• threats that are to be addressed by the TOE;
• security objectives of the TOE and its environment;
• functional and assurance requirements to meet those security objectives; and
• rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats.

SECURITY EVALUATION SUMMARY

The evaluation was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the U.S. Government Protection Profile (PP) Directory for Medium Robustness Environments meets the APE security assurance requirements according to the Common Criteria for Information Technology Security Evaluation, Version 2.1 and the Common Methodology for Information Technology Security Evaluation, Version 1.0. Validators, on behalf of CCEVS, monitored the evaluation carried out by COACT, Inc. a CAFÉ Lab.

The evaluation was completed in September 2004. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS-VR-04-0068.

ENVIRONMENTAL STRENGTHS

The evaluation of the U. S. Government Protection Profile (PP) Directory for Medium Robustness Environments , Version 1.0 provides specification for environments in which TOEs with various levels of robustness are appropriate to meet Medium Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions