NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_router_mr_v1.0

Technology Type: Router

CC Version: 2.x

Date: 2006.12.14

Succeeded By: pp_router_mr_v1.1

Sunset Date: 2008.03.21

Conformance Claim: Medium Robustness

Protection Profile 

Validation Report 

PP OVERVIEW

The U.S. Government Router PP for Medium Robustness Environments specifies a set of security functional assurance requirements for Information Technology (IT) products. A router monitors, routes and manipulates network traffic to facilitate its delivery for the proper destination on a network or between networks. The Router PP is applicable to products regardless of whether they are externally or internally facing a given network. In addition, it addresses only security requirements and not any special considerations of any particular product design. The Router PP was constructed to provide a target metric for the deployment of router devices. This protection profile identifies security functions and assurances that represent the lowest common set of requirements that must be addressed at Medium Robustness level by a router. The assurance requirements were originally based upon Evaluate Assurance Level (EAL) 4. In order to gain the necessary level of assurance for medium robustness environments, explicit requirements have been created for some families in the ADV class both to remove ambiguity in the existing ADV requirements and to provide greater assurance than that associated with EAL4. The assurance requirements are presented in Section 5.3.

This PP defines:

• Assumptions about the security aspects of the environment in which the Target of Evaluation (TOE) will be used;
• Threats that are to be addressed by the TOE;
• Organizational policies that must be addressed by the TOE;
• Security objectives of the TOE and its environment;
• Functional and assurance requirements to meet the security objectives; and
• Rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats and policies.

SECURITY EVALUATION SUMMARY

The evaluation was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the U.S. Government Protection Profile (PP) Router for Medium Robustness Environments meets the APE security assurance requirements according to the Common Criteria for Information Technology Security Evaluation, Version 2.1 and the Common Methodology for Information Technology Security Evaluation, Version 1.0. Validators, on behalf of CCEVS, monitored the evaluation carried out by the SAIC Lab.

ENVIRONMENTAL STRENGTHS

The evaluation of the U. S. Government Protection Profile (PP) Router for Medium Robustness Environments, Version 1.0 provides specification for environments in which TOEs with various levels of robustness are appropriate to meet Medium Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions