NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_authsrv_br_v1.0

Technology Type: PKI/KMI

CC Version: 2.x

Date: 2005.06.29

Succeeded By: pp_authsrv_br_v1.1

Sunset Date: 2008.03.21

Conformance Claim: Basic Robustness

Protection Profile 

Validation Report 

CC Certificate 

PP OVERVIEW

The U.S. Government Protection Profile for Authorization Server for Basic Robustness Environments (PPASBRE) specifies a set of security functional and assurance requirements for Authorization Server products. The Authorization Server is a family of software products that supports access control of IT resources (e.g., web servers, databases, application servers, individual web pages, and specific data files/objects). Authorization Server functionality provides a capability to map a principal’s identity to a set of privilege attributes. When acting as an Authorization Server, the TOE executes pre-defined rules or policies which compare a principal’s privilege attributes to the requested IT resources access requirements to make an access control decision. The majority of products with PPASBRE compliant STs will support Authorization Server functionality, but it is not mandatory (it is possible to comply with PPASBRE with only Attribute Authority functionality). The following additional functionality may or may not be present in an Authorization Server product and is specified by the refinement of the security functional requirements (SFRs). For the ST authors, relevant SFRs and application notes in the relevant SFRs details where refinements should be applied.

The additional functionality includes:

• Authorization Enforcement – If the TOE enforces the access control decision to grant or deny access to a resource.
• Authentication Server – If the TOE performs authentication of the principals who are attempting to access protected resources.
• Attribute Authority – If the TOE provides an interface for external applications and/or users to obtain principals’ privilege attributes

The deployment of Authorization Servers can also be characterized as a deployment of “Privilege Management Infrastructure” (PMI). The PMI can be defined as the systems, processes and software required to operate an “Authorization Service.”

PPASBRE-conformant products provide the ability to protect themselves and their associated data from unauthorized access or modification while ensuring accountability for authorized actions.

The PPASBRE is a “software only” PP dependent on the IT environment (hardware, operating system, and other software products) to meet some of the security functional requirements for a Basic Robustness environment (as defined by the NSA Information Assurance Directorate (IAD) document “Protection Profile (PP) Consistency Guidance for Basic Robustness”). This protection profile provides a level of protection that is appropriate for IT environments that have main Authorization Server components on a private protected network (e.g., behind firewalls) and administered by highly trusted users. The TOE and IT Environment do not fully address threats posed by malicious administrative or system development personnel. PPASBRE-conformant products are suitable for use in both commercial and government environments.

The PPASBRE was constructed to provide a target and metric for the development of Authorization Server software. This PP identifies security functions and assurances representative of the lowest common set of requirements that should be addressed by a useful Authorization Server. Targets of Evaluation (TOEs) compliant with this PP must meet the assurance requirements of Evaluation Assurance Level (EAL) 2 augmented.

This PP defines the following items:

• Assumptions about the security aspects of the environment in which the TOE will be used;
• Threats that are to be addressed by the TOE;
• Organizational security policies pertaining to the TOE;
• Security objectives of the TOE and its environment;
• Functional and assurance requirements to meet those security objectives; and
• Rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats.

SECURITY EVALUATION SUMMARY

The evaluation was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the U.S. Government Protection Profile for Authorization Server for Basic Robustness Environments meets the APE security assurance requirements defined in trial version 2.4 of the Common Criteria for Information Technology Security Evaluation: Security Assurance Requirements, Trial Version 2.4 revision 256, March 2004. The contents of the PP are from the Common Criteria for Information Technology Security Evaluation: Security Functional Requirements, Version 2.2, January 2004, ISO/IEC 15408-2 Part 2 extended and the Common Criteria for Information Technology Security Evaluation: Security Assurance Requirements, Version 2.2, January 2004, ISO/IEC 15408-3 Part 3. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed on June 28, 2005. The results of the U.S. Government Protection Profile for Authorization Server for Basic Robustness Environmentsevaluation can be found in U.S. Government Protection Profile for Authorization Server for Basic Robustness Environments Validation Report prepared by the CCEVS Validation Team.

The evaluation was completed June 2005. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS-VR-05-0106.

ENVIRONMENTAL STRENGTHS

The evaluation of the U. S. Government Protection Profile for Authorization Server for Basic Robustness Environments, Version 1.0 provides spec­ification for environments in which TOEs with various levels of robustness are appropriate to meet Basic Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.

ASSURANCE MAINTENANCE

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions