Archived U.S. Government Approved Protection Profile - U.S. Government Biometric Verification Mode Protection Profile for Medium Robustness Environments, Version 1.0
Short Name: pp_bvm_mr_v1.0 Technology Type: Biometrics CC Version: 2.x Date: 2003.11.15 Succeeded By: pp_bvm_mr_v1.1
Sunset Date:
2008.03.21
Conformance Claim: Medium Robustness Protection Profile![]() Validation Report ![]() CC Certificate ![]()
PP OVERVIEWThe U.S. Government Biometric Verification Mode Protection Profile for Medium Robustness Environments specifies the minimum functional and assurance security requirements for biometric products operating in verification mode to provide authentication allowing physical and logical access control to facilities as well as to information systems in medium robustness environments. Biometric systems are enabling technologies designed to augment existing security measures by positively authenticating individuals based on measurable physical features or behaviors. Due to the unique nature of a biometrics TOE and the desire of the PP authors to attempt to accommodate the wide range of biometric technologies, explicit requirements were necessary, as was a great deal of refinement of the CC requirements. The requirements section of this PP specifies a need to protect biometric templates, to provide confidentially, and integrity. Since the biometric package (which includes the user identifier and their associated reference template(s)) may be stored in a device outside the control of the TOE, the biometrics TOE encrypts biometric packages for confidentiality reasons, and an enrolling TOE cryptographically signs a biometrics package so that modification of the package can be detected. A TOE conformant to this PP satisfies the specified functional requirements, as well as the Medium Robustness assurance requirements that are expressed in Section 5.2 TOE Security Assurance Requirements. The assurance requirements were originally based upon Evaluated Assurance Level (EAL) 4. In order to gain the necessary level of assurance for medium robustness environments explicit requirements have been created for some families in the ADV class both to remove ambiguity in the existing ADV requirements as well as to provide greater assurance than that associated with EAL4. This PP defines:
SECURITY EVALUATION SUMMARYThe evaluation was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the U.S. Government Biometric Verification Mode Protection Profile for Medium Robustness Environments meets the APE security assurance requirements according to the Common Criteria for Information Technology Security Evaluation, Version 2.1 and Part 2 of the Common Methodology for Information Technology Security Evaluation, Version 1.0. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by COACT, Inc. CAF Lab. The evaluation was completed on November 17, 2003. The results of the U.S. Government Biometric Verification Mode Protection Profile for Medium Robustness Environments evaluation can be found in U.S. Government Biometric Verification Mode Protection Profile for Medium Robustness Environments Validation Report prepared by the CCEVS Validation Team. The evaluation was completed in November 2003. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS-VR-03-0050. ENVIRONMENTAL STRENGTHSThe evaluation of the U. S. Government Biometric Verification Mode Protection Profile for Medium Robustness Environments, Version 1.0 provides specification for environments in which TOEs with various levels of robustness are appropriate to meet Medium Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal. This U.S. Government Approved Protection Profile is not assigned to any Validated ProductsThis U.S. Government Approved Protection Profile does not have any related Technical DecisionsPlease forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT). Please forward any general questions to our Q&A tool. |